Another Trojan Malware called FlyTrap has infected over 10,000 Android devices in order to hijack Facebook credentials. Viral malware has been around almost as long as the internet, and it's a simple and effective way for bad actors to steal someone's personal details. FlyTrap is yet another one to keep an eye out for if you own an Android device.
Trojan malware is pretty simple. Once activated, the program will try to get the user to interact with it somehow. They use common methods like appealing and well-designed interfaces to entice the user to trust it. After that, it goes for important information like login credentials or other personal information. Unfortunately, these tactics often work, which leads to different forms taking shape all the time.
FlyTrap is no different. According to Zimperium, this malware has infected Android devices in over 140 countries worldwide. Through third-party app stores as well as the Google Play Store, some malicious apps spread FlyTrap to unsuspecting individuals. Since then, these apps have been removed from the Google Play store, yet still remain a threat for those who like to sideload apps. After download, FlyTrap's goal was to get the user to trust it and interact with it through false pretenses, such as a free Netflix coupon code or a Google Ads coupon. By using clean material design to gain trust, the malware would eventually get the user to use their Facebook credentials, which was its main goal. From there, using JavaScript code injection, the malware can extract personal information with ease.
How To Avoid
It's important to always be on guard when using a device or browsing the web. Information is money, and malicious apps and programs won't hesitate to steal data when given an opportunity. One key way to avoid these Trojan attacks is to always be skeptical. If a site offers something like a free Netflix coupon without being prompted, it's best not to trust it. Another useful tip is to know a companies logo design. A lot of malware will use visually similar logos as the legitimate company with key differences, but knowing exactly what a brand logo looks like can save a user's data from being hijacked. Unfortunately, FlyTrap did use a couple of prompts that are very hard to interpret as malicious. A simple poll asking which football (soccer) team was better was one of the prompts used by FlyTrap to trick people into interacting with it.
Trojan malware like FlyTrap will always be around, so it's important to know how to avoid it. Don't log in to an account with personal credentials unless it was user-initiated and be very skeptical. By keeping an eye out, a user will avoid having their data stolen like the 10,000 victims of FlyTrap.
Source: Zimperium