| Name | Flytrap |
| Type of Malware | Android Trojan |
| Date of Initial Activity | 2021 |
| Motivation | Steal and abuse Facebook accounts and related data |
| Attack Vectors | Infected email attachments, malicious online advertisements, social engineering, deceptive applications, scam websites |
| Targeted System | Android devices |
Overview
FlyTrap is an Android Trojan built to steal Facebook credentials, location, email address, IP and more. The Trojan originally spread via fake Android apps on Google Play, encouraging the users to login to their Facebook account. At this stage FlyTrap uses JavaScript injection to hijack the session and sends its details to the C&C server, allowing the attackers to gain access to the Facebook account, from a remote location.
Targets
Android devices users worldwide.
Tools/ Techniques Used
FlyTrap has been distributed in the form of variously disguised malicious apps. The researched applications were presented as coupon and discount code generators for services like Netflix, Google AdWords, and others.
Football (soccer) related apps have been in use as well; these centered various polls and voting for the best football leagues, teams, and players. The malicious applications were spread through the Google Play Store and questionable third-party download sources.
Impact / Significant Attacks
Spread to over 10,000 victims across at least 140 countries.
