How Does FlyTrap Trojan Hijack Facebook Accounts?

If you have a Facebook account and an Android phone, you should be aware of a new Trojan dubbed ‘FlyTrap’ that has compromised more than 10,000 Facebook accounts across 144 countries. How does the FlyTrap Trojan hijack Facebook accounts, how can you avoid becoming a victim of the attack, and what should you do if your account has been compromised? Let’s see the answers to all these questions in this post.

What Is FlyTrap Trojan?

FlyTrap is a recently uncovered malware program, the newest member of a family of Trojans that leverage social engineering tricks to compromise victims’ Facebook accounts.

What Is FlyTrap Trojan Capable Of Doing?

FlyTrap Trojan steals victims’ Facebook accounts via trojanised Android applications. It collects the victim’s Facebook ID, location, email address, IP address, and the cookies and tokens associated with the Facebook account, which are then used to spread the malware further by running disinformation campaigns.

It is also possible for FlyTrap Trojan to abuse the victim’s social credibility through personal messaging with links to the Trojan. 

Information Collected By FlyTrap Trojan:

  • Facebook ID
  • Location
  • Email address
  • IP address
  • Cookies and tokens associated with the Facebook account.

The Victims Of FlyTrap Trojan

The analysis report says there is no sign of targeting of a specific group, community, geolocation, or country; victims are around the globe. Since March 2021, this new Trojan has compromised more than 10,000 victims across 144 countries. The Zimperium zLabs mobile threat research team released a global map of victims.

By Zimperium’s zLabs mobile threat team

How Does FlyTrap Trojan Hijack Facebook Accounts?

Before we go in depth, note that FlyTrap Trojan was initially distributed as trojanised Android applications through Google and third-party play stores. Google has removed the infected apps from its Play Store, but these applications are still available on many third-party play stores. Just downloading the infected Android apps is not enough for the Trojan to hijack the victim’s Facebook account. The malware uses a lot of social engineering tricks to make the user supply their credentials. Let’s look in depth at the social engineering tricks the malware uses to hijack those credentials.

Actors behind the FlyTrap Trojan attract victims with many exciting offers such as free Netflix coupon codes, free Google AdWords coupon codes, and voting for the best football (soccer) team or player. They just make victims download and install the infected apps hosted on Google and other third-party play stores.

After users install the applications, those malicious applications engage users with their high-quality design pages and force the users to respond. 


If a user falls into the trap and responds, the app shows the Facebook login page and asks them to log in to their Facebook account to get the free coupon. In fact, no coupon code is ever generated; the app tries to justify the request by showing the user a fake coupon code. The truth is that the displayed Facebook login page was a phishing Facebook login page.


The FlyTrap Trojan sitting inside the app also uses original, legitimate domains to capture the victim’s Facebook credentials through JavaScript injection techniques. According to Zimperium’s zLabs mobile threat team: “Using this technique, the application opens the legit URL inside a WebView configured with the ability to inject JavaScript code and extracts all the necessary information such as cookies, user account details, location, and IP address by injecting malicious JS code.”
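A defender can triage decompiled app source for the combination the quote describes. The following is an added example, not code from this post or from Zimperium's report: the signal names, regular expressions and both source samples are constructed for illustration, and the input is assumed to be Java/Kotlin text produced by a decompiler.

```python
import re

# Android API usage that, taken together, matches the behaviour in the quote:
# a WebView with script execution on, pointed at a Facebook URL, with a way to
# run the app's own JavaScript in the page or read the session cookies.
SIGNALS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "facebook_url": re.compile(r'"https?://(?:[\w-]+\.)*facebook\.com\b', re.I),
    "js_injection": re.compile(
        r'evaluateJavascript\(|addJavascriptInterface\(|loadUrl\(\s*"javascript:'),
    "cookie_read": re.compile(r"CookieManager\b.*\.getCookie\("),
}

def triage(source: str) -> dict:
    """Return {signal: [line numbers]} for decompiled Java/Kotlin source text."""
    hits = {name: [] for name in SIGNALS}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in SIGNALS.items():
            if rx.search(line):
                hits[name].append(lineno)
    return hits

def needs_review(hits: dict) -> bool:
    """Flag only the combination; each call alone is common in benign apps."""
    present = {name for name, lines in hits.items() if lines}
    return ({"js_enabled", "facebook_url"} <= present
            and bool(present & {"js_injection", "cookie_read"}))

# Constructed samples (assumption: not taken from any FlyTrap APK).
SUSPECT = '''WebView wv = findViewById(R.id.web);
wv.getSettings().setJavaScriptEnabled(true);
wv.addJavascriptInterface(new Bridge(), "bridge");
wv.loadUrl("https://m.facebook.com/login.php");
String c = CookieManager.getInstance().getCookie(url);'''

BENIGN = '''WebView wv = findViewById(R.id.help);
wv.getSettings().setJavaScriptEnabled(true);
wv.loadUrl("https://example.com/help");'''

if __name__ == "__main__":
    for label, src in (("suspect", SUSPECT), ("benign", BENIGN)):
        hits = triage(src)
        print(label, needs_review(hits), hits)
```

A match is a prompt for manual review, not a verdict: URLs built at runtime or held in resources will not be seen by a line-based scan.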

How To Protect Yourselves From FlyTrap Trojan Infections?

  1. Don’t install any untrusted applications, either from the Google Play store or from any third-party play store.
  2. Remove these apps from your phone, whether you installed them knowingly or unknowingly.
  3. Subscribe to a premium antimalware solution and keep its definitions up to date.
  4. Don’t click any unknown links.
  5. Don’t fall for the freebie trap. Always remember that “No meal will come for free.”
  6. Don’t share any credentials with personal details.
  7. Don’t log in or enter your credentials without confirmation.
  8. Don’t allow third-party applications access to your phone’s camera, photos, messages, or contacts.

Indicators Of Compromise Of FlyTrap Trojan

Android Apps Serving FlyTrap Trojan:

  • com.luxcarad.cardid : GG Voucher
  • com.gardenguides.plantingfree : Vote European Football
  • com.free_coupon.gg_free_coupon : GG Coupon Ads
  • com.m_application.app_moi_6 : GG Voucher Ads
  • com.free.voucher : GG Voucher
  • com.ynsuper.chatfuel : Chatfuel
  • com.free_coupon.net_coupon : Net Coupon
  • com.movie.net_coupon : Net Coupon
  • com.euro2021 : EURO 2021 Official

File Serving FlyTrap Trojan- Fingerprints/Hash Values:


Command & Control Servers Of FlyTrap Trojan:

  • hxxp://47.57.237.26
  • hxxp://165.232.173.244:3023
  • hxxps://manage-ads.com
  • hxxp://quanlysanpham.work

Thanks for reading the post. Please share this post and help to secure the digital world.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me, follow me on LinkedIn.
