ANDROID TROJAN ‘FLYTRAP’

BACKGROUND
      
Researchers have identified a new Android trojan named FlyTrap, which has affected more than 10,000 victims in over 140 countries since March. It has been able to spread through social media hijacking, third-party app stores, and sideloaded applications.
 
The malware uses social engineering tricks to compromise Facebook accounts, seemingly offering free Netflix coupon codes, Google AdWords coupon codes, or voting for the best football team.
 
FlyTrap is distributed via Google Play and other app stores. However Google Play have removed the malicious apps from the store, but the apps are still available on unsecured third-party app stores.

These are 9 apps to avoid:                                 

  • •    GG Voucher (com.luxcarad.cardid)        
  • •    Vote European Football (com.gardenguides.plantingfree)   
  • •    GG Coupon Ads (com.free_coupon.gg_free_coupon)           
  • •    GG Voucher Ads (com.m_application.app_moi_6)    
  • •    GG Voucher (com.free.voucher)            
  • •    Chatfuel (com.ynsuper.chatfuel)           
  • •    Net Coupon (com.free_coupon.net_coupon)             
  • •    Net Coupon (com.movie.net_coupon)  
  • •    EURO 2021 Official (com.euro2021)

MODUS OPERANDI
      
Once victims are convinced to download the app, the app urges users to engage and eventually asks the user to enter their Facebook account information in order to vote on something or collect coupon codes. Once everything is entered, the app takes victims to a screen that says the coupon has already expired.
 
The malware hijacks Facebook accounts and allows attackers to collect information such as Facebook ID, location, email address, IP address, cookies and tokens tied to the Facebook account. These hijacked sessions can be used to spread the malware.

IMPACT

  • •    Compromise of the user’s Android device
  • •    Exposure of confidential information such as password, usernames, and other data
  • •    May lead to identity theft

 
SYSTEM AFFECTED
 
All Android operated devices i.e. smartphones and tablets
 
RECOMMENDATIONS
 

  • •    Android users should check if they have installed any of the 9 malicious apps listed above which contain FlyTrap. Exposure of confidential information such as password, usernames, and other data
  • •    Avoid downloading and installing applications from untrusted sources. Only download apps from Google Play Store for Android and App Store for iOS devices.
  • •    Do not respond to suspicious messages or click any suspicious links on social media.
  • •    Disable unknown sources on Android. 

Go to Settings > Security, and make sure that the “unknown sources” option isn’t selected

  • •    Enable multi-factor authentication (MFA) for all social media accounts and any other accounts with access to sensitive and private data.
  • •    Install antivirus and update it regularly.
  • •    Ensure that the phone's firmware and installed applications are kept up to date.
  • •    Strong passwords should always be used to secure all social media accounts