A new Android Trojan has been identified by cybersecurity firm Zimperium, which released a report on Monday explaining how the malware may have claimed more than 10,000 victims in 144 countries.
The Trojan horse – named FlyTrap by Zimperium researchers – has been able to spread via “social media hijacking, third-party app stores, and downloaded apps” since March.
Zimperium's zLabs mobile threat research team first identified the malware and found that it used social engineering tricks to compromise Facebook accounts. The malware hijacks social media accounts by infecting Android devices, allowing attackers to collect information from victims such as Facebook ID, location, email address and IP address, as well as the cookies and tokens linked to the victim's Facebook account.
“These hacked Facebook sessions can be used to spread malware by abusing the victim’s social credibility through personal messages with links to the Trojan horse, as well as by spreading propaganda or disinformation campaigns using details of the victim’s geolocation,” Zimperium researchers wrote.
“These social engineering techniques are very effective in the digitally connected world and are often used by cybercriminals to spread malware from victim to victim. The threat authors used several themes that users would find appealing, such as free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player.”
Researchers attributed the malware to groups based in Vietnam and said the operators had distributed it through Google Play and other app stores. Google received a report of the malware, verified it, and removed all of the identified apps from the Play Store.
But the report notes that three of the apps are still available on “third-party and insecure app repositories.”
Once victims are convinced to download the app via deceptive designs, the app urges users to engage and eventually asks them to enter their Facebook account information in order to vote on something or collect promo codes. Once everything is entered, the app takes victims to a screen that says the coupon has already expired.
The researchers explained that the malware uses a technique called “JavaScript injection,” in which the application opens legitimate URLs in a “WebView configured with the ability to inject JavaScript code.” Because the genuine login page is rendered inside the app's own process, the app can run script in the page's context and read its session data. The app then extracts information like cookies, user account details, location, and IP address by injecting malicious JS code.
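As an added illustration (this is not code from Zimperium's report and not FlyTrap's own code), the Java sketch below shows the generic Android WebView pattern the researchers describe, next to the browser-backed alternative that denies the hosting app the same access. The class and method names are assumptions made here for illustration; the Android and AndroidX APIs called are real.

```java
import android.content.Context;
import android.net.Uri;
import android.util.Log;
import android.webkit.CookieManager;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import androidx.browser.customtabs.CustomTabsIntent;

// Illustrative class; the names below are assumptions, not identifiers from the report.
public final class LoginFlowContrast {
    private static final String TAG = "LoginFlowContrast";

    // Pattern 1: the technique described in the report. The URL loaded is genuine and
    // the TLS connection is real, but the page renders inside the app's own process, so
    // the app, not the site, decides what script runs and who reads the cookie jar.
    public static void loginInsideAppWebView(WebView webView, String legitimateLoginUrl) {
        webView.getSettings().setJavaScriptEnabled(true); // prerequisite for injection
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public void onPageFinished(WebView view, String url) {
                // Injected script runs in the page's origin: it can read the DOM and
                // any cookie not flagged HttpOnly.
                view.evaluateJavascript(
                        "JSON.stringify({cookie: document.cookie, title: document.title})",
                        result -> Log.d(TAG, "page data from " + url + ": " + result));
                // HttpOnly only hides a cookie from document.cookie; the native cookie
                // store belongs to the app and returns it anyway.
                String cookies = CookieManager.getInstance().getCookie(url);
                Log.d(TAG, "cookie store for " + url + ": " + cookies);
            }
        });
        webView.loadUrl(legitimateLoginUrl);
    }

    // Pattern 2: what a legitimate app should do when it needs a web login. Chrome Custom
    // Tabs render the page in the user's browser process: the calling app gets no
    // evaluateJavascript, no DOM access and no CookieManager for that session.
    public static void loginInBrowserCustomTab(Context context, String legitimateLoginUrl) {
        CustomTabsIntent customTab = new CustomTabsIntent.Builder().build();
        customTab.launchUrl(context, Uri.parse(legitimateLoginUrl));
    }
}
```

The practical caveat for users follows from the contrast: a login form shown inside a third-party app cannot be verified by its padlock or address bar, because both are drawn by the app hosting the page. This is the same reason RFC 8252 and the major OAuth providers steer native apps away from embedded user agents and toward the system browser for authentication.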
Zimperium suggests that Android users find ways to check if any apps on their device have FlyTrap and noted that these breached accounts could be used as a botnet for other purposes, like increasing the popularity of certain pages or sites.
“FlyTrap is just one example of active threats against mobile devices to steal credentials. Mobile devices are often treasure troves of unprotected login information to social media accounts, banking apps, enterprise tools, etc.,” Zimperium researchers said.
“The tools and techniques used by FlyTrap are not new but are effective due to the lack of advanced mobile device security on these devices. It wouldn’t take much for a malicious party to take FlyTrap or any other Trojan horse and modify it to target even more critical information.”
Setu Kulkarni, vice president of NTT Application Security, said FlyTrap was a “clever combination” of a handful of vulnerabilities and took advantage of the abundance of accessible metadata, like location, as well as the implicit trust that can be acquired by clever but questionable associations with companies like Google, Netflix and others.
“This is not even the most concerning bit. The disturbing bit is the network effect that this type of Trojan horse can generate by spreading from user to user. According to Zimperium's findings, this Trojan horse could evolve to exfiltrate much more critical information like bank credentials,” Kulkarni said.
“The simulation scenarios unfortunately do not end there. What if this type of Trojan horse is now offered as a service, or if it quickly turns into ransomware targeting hundreds of thousands of users? The bottom line does not change. It all starts with a user being enticed to click on a link. It begs the question: Shouldn’t Google and Apple be doing more to solve this problem for all of their customers?”