Cybersecurity company Zimperium has uncovered a new campaign that spreads Android malware by hijacking social media accounts, infiltrating alternative app stores, or encouraging users to download malware from unverified sites or links.
According to the Zimperium report, the FlyTrap Trojan has affected more than 10,000 devices in 144 countries. Zimperium’s zLabs mobile threat research teams identified the malware and found that it is commonly spread through social engineering, using compromised Facebook accounts. The Trojan penetrates users’ Android devices, hijacks their accounts and collects data: not only the Facebook ID but also, for example, the IP address, email addresses and information about the user’s location, as well as the cookies and tokens associated with the account.
Once an account has been hijacked, the attackers can send malware to the user’s contacts and spread all kinds of propaganda and misinformation based on information about the user’s geolocation. Potential victims are lured in with free Netflix coupons, Google AdWords coupons, or, for example, an invitation to vote for the best football team. The criminals are believed to be in Vietnam and use the Play Store and other channels to distribute their software.
According to experts, FlyTrap’s techniques are nothing new, but they are quite effective because of weak device protection. The greatest threat is not the infection itself, or even the cybercriminals’ use of the smartphone, but the “network” nature of the Trojan’s distribution, which snowballs from one user to many.
Moreover, the attackers can modify the software to gain access to more important programs, such as banking applications. That is one of the worst scenarios, but not the worst: a transformation into ransomware that affects hundreds of thousands of accounts cannot be ruled out.