Cybersecurity researchers have unraveled a malicious campaign that tricked Android users with malicious apps in order to hijack their Facebook accounts.
According to researchers at mobile security company Zimperium, the campaign managed to hoodwink over 10,000 users across 140 countries.
“Forensic evidence of this active Android Trojan attack, which we have named FlyTrap, points to malicious parties out of Vietnam running this session hijacking campaign since March 2021. These malicious applications were initially distributed through both Google Play and third-party application stores,” Zimperium’s Aazim Yaswant wrote in a blog post detailing the campaign.
- Check our list of the best identity management services
- These are the best endpoint protection tools
- We’ve also compiled a list of the best Android antivirus apps
Yashwant notes that the researchers were able to turn the tables on the threat actors and used vulnerabilities in their command and control (C2) servers to deconstruct the campaign. Worryingly however he notes that these vulnerabilities also expose the entire database of stolen details to anyone on the internet.
Social engineering
According to Yashwant, on the face of it, the FlyTrap campaign is a run-off-the-mill scam that deceives people into voluntarily giving up their Facebook credentials. It does this by luring them with free coupon codes for services such as Netflix, Google AdWords, and more.
However, the malicious apps use the real Facebook single sign-on (SSO) service, which prevents them from harvesting users’ credentials.
The threat actors work around this problem by using a trick known as JavaScript injection to instead collect various other pieces of sensitive data associated with the Facebook session, including cookies and tokens.
This allows them to effectively hijack the Facebook session, which they then use to spread the malware by running malicious campaigns through the Facebook user’s network.
Google has since removed the malicious apps from the Play Store, after being sounded off by Zimperium. However, the apps are still available on third-party app stores and can still be side-loaded.
- Protect your devices with these best antivirus software
