Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries

Security firm Zimperium has discovered a malicious campaign spreading through social media hijacking, third-party app stores, and externally installed apps.

A new type of Android Trojan has been identified by cybersecurity company Zimperium, which may have hit more than 10,000 victims in 144 countries.

The Trojan - dubbed FlyTrap by Zimperium researchers - has been able to spread through "social network hijacking, third-party app stores, and external apps" since May. 3.

Zimperium's zLabs mobile threat research teams first identified the software as containing malicious code and discovered that it used social linking tricks to compromise Facebook accounts.

This malware takes over social media accounts by infecting Android devices, allowing attackers to collect information from victims such as Facebook IDs, location, email addresses and IP addresses. , as well as cookies and tokens associated with Facebook accounts.

Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 1 Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 1

FlyTrap's operation, as the name "Fly Trap Flower", is based on users' curiosity and like "free" and then lures them.

"These hacked Facebooks can be used to spread malware by abusing the victim's social reputation through a private message with a link to the Trojan, as well as a Trojan horse," the Zimperium researchers wrote. such as propagating campaigns or disinformation using the victim's geographic location details".

"These social techniques are highly effective in the digitally connected world, and are often used by cybercriminals to spread malware from one victim to another. The bad guys have used it. Some topics users find interesting like free Netflix voucher codes, Google AdWords coupon codes and voting games for the best team or player'.

Of course, there are no free Netflix or AdWords codes or vouchers, and no pro-soccer votes are taken. Instead, the malicious apps are just waiting to get Facebook login information when they want to log in to get the promotion. They will make a last-ditch effort to look legit by launching a message saying the coupon or code has expired, as shown in the screenshot below.

Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 2 Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 2

Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 3 Android malware believed to be spreading from Vietnam has attacked more than 10,000 Facebook accounts in 140 countries Picture 3

The researchers assumed that the malware came from hacker groups operating in Vietnam and said these people could distribute the trojan using Google Play and other app stores.

These are the applications that contain trojans:

GG Voucher (com.luxcarad.cardid)
Vote European Football (com.gardenguides.plantingfree)
GG Coupon Ads (com.free_coupon.gg_free_coupon)
GG Voucher Ads (com.m_application.app_moi_6)
GG Voucher (com.free.voucher)
Chatfuel (com.ynsuper.chatfuel)
Net Coupon (com.free_coupon.net_coupon)
Net Coupon (com.movie.net_coupon)
EURO 2021 Official (com.euro2021)

Google was sent a report of the malware, verified it and removed all relevant apps from the store, but the report notes that three of the apps are still available on the "store". third-party apps, not secure."