According to Zimperium’s report, FlyTrap has been distributed on the Google Play store in the guise of various apps promising Netflix coupons, European football voting, and more. If your Android device is infected and you log in to Facebook, FlyTrap will dig up your Facebook ID, location info, email address, and your IP address. Hijacked Facebook sessions also can be used to spread FlyTrap to other users by automatically sending links to download the malware. Zimperium reports that it has verified over 10,000 FlyTrap victims across 144 countries (including the US and Canada). “Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information,” said Zimperium in its report. “In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent.” A list of confirmed trojan Android apps can be found in Zimperium’s report, though Google already has removed them from the app store. While there’s no longer the immediate danger of downloading FlyTrap from Google Play, you can still check the list to see if any of the infected programs are already installed. Zimperium recommends using its on-device z9 Mobile Threat Defense engine to run a risk assessment. Other than that, we should all continue to be wary of any apps from unfamiliar developers that ask us to log-in to our social media accounts.
