FlyTrap Android Trojan is on the spree of harvesting Facebook credentials. It is spread via simple phishing campaigns. It tricks user with promises of free Netflix coupon codes, Google Adword credits or voting for football game winners. FlyTrap uses JavaScript injection to hijack sessions by logging into the original and legitimate domain. Its utilizes real Facebook single sign-on (SSO) service, so they cannot collect users credentials. Instead, it collect other sensitive data such as Facebook ID, Location, Email address, IP address and Cookies and tokens associated with the Facebook account. These hijacked Facebook data can be used to spread the malware by abusing the victim's social credibility through personal messaging with links to the Trojan, as well as propagating propaganda or disinformation campaigns using the victim's geo-location details.
FlyTrap Trojan Signatures
Family: Android.PWS.Facebook.29
MD5: ca24828d758f88b98bb66a6922ea1fb9
SHA256: 30a3ad09199660baca6410a4ada290887390d9453d95eb1e84bdd984c89ecc3a
FlyTrap Trojan Download