The zLabs team has determined that this undetected virus is part of a family of Trojans that use social engineering tricks.
Since last March, a malware called FlyTrap has stolen private information from the Facebook accounts of users around the world.
At the moment, with the known information, there are 10,000 victims of this malware from 140 different countries.
In the following lines, you have an in-depth summary of how FlyTrap works as well as tips to avoid becoming a victim.
Zimperium was the first company to sound the alarm about the presence of this malware and the amount of information it could have stolen in its months of activity, and other security companies have continued to investigate.
How FlyTrap reaches the team
This is a malicious program of trojans. Remember, Trojans try to pass unnoticed on your computers while accessing your device with the aim of performing hidden actions to open a backdoor so that other malware can gain access to it.
They can come to you posing as legitimate files. They will do this with executables that seem to make no mistake when used.
In the specific case of FlyTrap, it was discovered that it gained access to victims’ information by hijacking social networks, third-party app stores, and side-loading apps.
The zLabs team has determined that this previously undetected malware is part of a family of Trojans that use social engineering tricks to hack Facebook accounts.
The apps were distributed via Google Play and other app stores (Zimperium zLabs reported the results to Google, which verified the search provided and removed the malicious apps from the Google Play Store, but they are still available from third-party stores).
These applications may appear to be well-known services such as Netflix discounts, voting applications for teams in the already past Euro 2020, or discounts on Google Adwords. In the following image you have examples of applications containing this Trojan.
After the user trusts the application and decides to download it (the design is of high quality and great credibility), the malicious application shows the pages that attract the user and asks him to login to get the discount or vote.
When you access through your Facebook, you are actually giving your access data to the social network.
All this is just another trick to deceive the user as no actual vote or coupon code is generated.
Instead, the last screen attempts to justify the fake coupon code by displaying a message that says “Coupon has expired”.
There are ways to hijack sessions even by entering the original legitimate domain.
The data they steal is, in addition to your own identity for entering your Facebook account, your location, IP address, email, or cookie data and tokens associated with the account. With this, FlyTrap has managed to reach more users.
It makes it appear that a real user (whose data has been stolen) is sharing legitimate posts with their contacts, thus abusing the trust the individual has in their friends.
The message is sent with information about the geolocation of the victim. It is not excluded that dealing with a lot of information will lead to the theft of other data of paramount importance.
How to prevent FlyTrap from stealing your information
As always, keeping up with security news is essential to avoid being cheated. Also, never download apps in stores or on websites that you don’t know their source.
So far, 9 applications are known to be used to spread this malware, which are as follows:
com.luxcarad.carded: GG . Coupon
com.gardenguides.plantingfree: European Football Vote
com.free_coupon.gg_free_coupon: GG Coupon Ads
com.m_application.app_moi_6: GG Coupon Ads
com.free.voucher: GG Voucher
Com.free_coupon.net_coupon: net coupon
com.movie.net_coupon: net coupon
com.euro2021: official EURO 2021
But there can always be more, so the best thing to avoid falling into these traps is to avoid downloading apps you don’t know even if you get the recommendation from your Facebook contact.
If you are one of the people who downloaded some of these apps in recent months, uninstall them from your mobile phone, as the malware may still be active.
You should also change the password to access your Facebook account and warn your contacts (this can be through a general message in your profile) that if they receive something from you related to the above services, they should not accept or download any software as It is a malicious program.
That informationinstantly on your cell phone. Join the Diario Primicia group on WhatsApp through the following link: https://chat.whatsapp.com/JAVT2QhoJnADuHBKsruJpd
We’re also on Telegram as DiarioPrimicia, join here:https://t.me/diarioprimicia