Android Flytrap ensnaring Facebook users
Posted by: GuidePoint Security
Published 08/18/21 at 9:00 AM
Thousands of Android users are finding themselves ensnared in the Flytrap malware web. Currently seen in 140 different countries, Flytrap arrives via compromised Google Play apps or third-party apps and uses social engineering to compromise Facebook accounts. (Google Play has since removed the malicious apps after being alerted by security researchers.)
The apps range from free Netflix coupons to tools for voting for your favorite European football/soccer team. To deliver the malicious payload, the app first asks users to log into Facebook after they download it. The malware then scrapes the Facebook credentials, including the Facebook ID, location, email address, IP address, and any cookies or tokens related to the Facebook account. With Facebook credentials in hand, the malware uses JavaScript injection to hijack account sessions and spread itself via socially engineered links to encourage other users to download the malware.
Next Steps
Android users can avoid the Flytrap snare (and other similar types of malware) by disallowing the download of any untrusted or third-party applications. Users should also enable multifactor authentication to protect sensitive accounts and information. Mobile device management (MDM) can also help minimize the risks associated with employees using their own devices to access business systems.