Published: April 24, 2022 on our newsletter Security Fraud News & Alerts Newsletter.
The next time you get a message from a friend while on Facebook, think before you act. That message could be from FlyTrap, an Android Trojan using social engineering tactics to draw you into its web. Researchers from Zimperium first discovered, then named the malware “FlyTrap” for its ability to spread through “social media hijacking, third-party app stores, and sideloaded applications” according to their findings. FlyTrap has compromised over 10,000 Facebook user accounts in 140 countries. Nine apps carrying FlyTrap Trojan have since been removed from Google Play Store.
Zimperium found FlyTrap may be part of a family of trojans operating out of Vietnam. This Trojan family uses social engineering tactics, among others, to spread and infect its malware. There’s no denying Facebook provides a perfect setting for FlyTrap to flourish. Socially engineered attacks lure victims in, exploiting the human elements and emotions we all share. Once an account is compromised and a device is infected, FlyTrap collects Facebook IDs, email and IP address, location, and Facebook account tokens and cookies.
According to Zimperium, as a Facebook lure, FlyTrap “…made use of several themes that users would find appealing such as free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player.” The lesson here is that “freebies” aren’t always free and could be quite costly to a user.
Protecting Your Social Media Accounts
Remember on social media, “free” could have a very high price. Approach these offers with a good dose of common sense and skepticism as your guide.
Don’t overshare on social media. What’s posted online can be used against you, especially by socially engineered attacks that take advantage of what you share.
Never “sideload” apps. Android apps downloaded from other than the official Google Play Store are extremely risky since they aren’t scanned for malware before being made available. This goes for the Apple Store too.
If it sounds too good to be true it probably is. Social media and the internet in general are chock-full of bad actors waiting to pounce, so don’t give them any reasons to make you their next target.
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org