Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries

Tram Ho

Cybersecurity company Zimperium has identified a new type of Android Trojan that may have hit more than 10,000 victims in 144 countries.

The Trojan – dubbed FlyTrap by Zimperium researchers – has been able to spread through “social media hijacking, third-party app stores, and external apps” since May 3.

Zimperium’s zLabs mobile threat research team first identified the software as containing malicious code and discovered that it used social engineering tricks to compromise Facebook accounts.

This malware takes over social media accounts by infecting Android devices, allowing attackers to collect information from victims such as Facebook IDs, location, email addresses, and IP addresses, as well as cookies and tokens associated with Facebook accounts.

[Image 1: FlyTrap trojan distribution map]

True to its name, “Fly Trap Flower”, FlyTrap works by playing on users’ curiosity and their preference for “free” things to entice them.

“These hacked Facebook accounts can be used to spread malware by abusing the victim’s social reputation through private messaging with a link to the Trojan, as well as for propagating campaigns or disinformation using the victim’s geographic location details,” the Zimperium researchers wrote.

“These social techniques are highly effective in the digitally connected world and are often used by cybercriminals to spread malware from one victim to another. The bad guys have used some topics users find interesting, like free Netflix voucher codes, Google AdWords coupon codes, and voting games for the best team or player.”

Of course, there are no free Netflix or AdWords codes or vouchers, and no pro-soccer votes are taken. Instead, the malicious apps are just waiting to capture Facebook login information when victims log in to claim the promotion. The apps then make a last-ditch effort to look legitimate by displaying a message saying the coupon or code has expired, as shown in the screenshot below.

[Images 2 and 3: screenshots]

The researchers assumed that the malware came from hacker groups operating in Vietnam and said these groups could distribute the trojan using Google Play and other app stores.

The following apps contain the trojan:

GG Voucher (com.luxcarad.cardid)
Vote European Football (com.gardenguides.plantingfree)
GG Coupon Ads (com.free_coupon.gg_free_coupon)
GG Voucher Ads (com.m_application.app_moi_6)
GG Voucher (com.free.voucher)
Chatfuel (com.ynsuper.chatfuel)
Net Coupon (com.free_coupon.net_coupon)
Net Coupon (com.movie.net_coupon)
EURO 2021 Official (com.euro2021)

Google was sent a report of the malware, verified it and removed all relevant apps from the store, but the report notes that three of the apps are still available on “third-party, unsecured app stores.”
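Removal from the store does not by itself tell you whether a given device still has one of these apps installed, so the package names listed above can be checked against a device's package inventory. The sketch below is an added example, not code from Zimperium or the article; it assumes the inventory text comes from `adb shell pm list packages -f -i`, and the function names and sample lines are constructed for illustration.

```python
import re

# Package names listed in the article as carrying the FlyTrap trojan.
FLYTRAP_PACKAGES = {
    "com.luxcarad.cardid": "GG Voucher",
    "com.gardenguides.plantingfree": "Vote European Football",
    "com.free_coupon.gg_free_coupon": "GG Coupon Ads",
    "com.m_application.app_moi_6": "GG Voucher Ads",
    "com.free.voucher": "GG Voucher",
    "com.ynsuper.chatfuel": "Chatfuel",
    "com.free_coupon.net_coupon": "Net Coupon",
    "com.movie.net_coupon": "Net Coupon",
    "com.euro2021": "EURO 2021 Official",
}
PLAY_STORE = "com.android.vending"  # installer name reported for Google Play
LINE = re.compile(r"^package:(?P<body>\S+)(?:\s+installer=(?P<installer>\S+))?\s*$")

def parse_inventory(text):
    """Yield (package, installer) from `pm list packages [-f] [-i]` output."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # With -f the body is "<apk path>=<package>"; the path itself may contain '='.
        package = m.group("body").rsplit("=", 1)[-1]
        installer = m.group("installer")
        yield package, None if installer in (None, "null") else installer

def find_flytrap(text):
    """Return findings for installed packages that exactly match the article's list."""
    findings = []
    for package, installer in parse_inventory(text):
        if package in FLYTRAP_PACKAGES:
            findings.append({"package": package, "app": FLYTRAP_PACKAGES[package],
                             "installer": installer, "from_play": installer == PLAY_STORE})
    return findings

# Constructed sample output, not captured from a real device.
SAMPLE = """\
package:/data/app/~~Qx1==/com.android.chrome-a9==/base.apk=com.android.chrome  installer=com.android.vending
package:/data/app/~~Zk7==/com.free.voucher-b2==/base.apk=com.free.voucher  installer=null
package:com.euro2021  installer=com.android.vending
package:com.euro2021.scores  installer=com.android.vending
"""

if __name__ == "__main__":
    for finding in find_flytrap(SAMPLE):
        print(finding)
```

A package-name match is an indicator to investigate, not proof of infection; an `installer` of `None` means the device recorded no installer or the `-i` flag was not used.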

Via: ZDNet

Source: Genk