New FlyTrap Android malware: what it is and how to avoid it
Android malware is no different from the malware found on other devices: it is malicious code written to target Android devices, in the form of spyware, adware, trojans, ransomware, viruses, etc. Malware has been a constant threat to any infrastructure. Not a single day goes by without hearing that somewhere, someone was affected by malware. Where do you think this malware enters your devices? Android users are prone to side-loading an application from unknown sources when it is unavailable in the Play Store. This compels the user to waive specific security permissions to install the malicious application.
A new Android trojan (FlyTrap) was discovered recently and has been seen in almost 144 countries, compromising more than 10,000 Facebook accounts. By distributing fraudulent applications through the Google Play Store and other third-party application vendors, the attackers have successfully spread the FlyTrap trojan since March 2021. Forensic investigations have revealed that threat actors in Vietnam are operating the trojan.
FlyTrap’s attack pattern
The threat group’s specialty is social engineering: it masks malicious applications as free coupon codes for Netflix, Google AdWords coupon codes, and online surveys where users vote for things like their favorite soccer teams or players. These highly graphic, fake coupons tempt users into logging into their Facebook account. When users fall for this trick, the attackers can access the victim’s user account, email address, IP address, location, and cookies or tokens associated with that account.
Once the attacker gains control over the victim’s Facebook account, they operate as a legitimate user and continue to spread this malicious campaign by sending more phishing links to the user’s friends via Facebook Messenger or posts. These compromised accounts can be used as a botnet for the malicious purpose of boosting the popularity of pages/sites/products used to spread misinformation.
Security concerns aren’t limited to Android users
This kind of trojan can spread quickly from one Facebook user to another. Researchers are also concerned that the attackers could exfiltrate more critical information, like banking credentials, once they gain access. This attack shows that even when there are no specific security threats or vulnerabilities in the network or the system, a simple man-in-the-middle hijacking attack can easily make anyone a victim. It is disturbing that this trojan could be offered as a service to make money or could also eventually function as ransomware.
In most cases, a victim and their Android device will be vulnerable, but only at the individual level. However, when an individual uses their personal Android device in their employee role and becomes affected, it could lead to a massive loss of the company’s confidential and essential data. It could also be tricky when a user’s malware-infested Android device finds its way onto the organization’s wireless access points after being registered under a BYOD program. The attacker may take advantage of this by using the device as a point of entry into the organization and escalating to a more powerful attack.
How to protect yourself as well as your organization
It is crucial to understand that clicking on an unknown link can turn your life upside down, as these offers are usually too good to be true. The impulsive actions of humans create this vulnerability and eventually leave a large chunk of data for the malicious actors to misuse. Two things help you stay safe:
- Only log in to social networking websites from the original application.
- Only download applications from the Play Store that appear to be legitimate.
As a reminder, these attacks rely on a path between the victim’s device and a malicious C2 server. Even in a BYOD (bring your own device) situation, you can prevent this communication path by using a solution that monitors all connections to your network, inbound and outbound.