{"id":2797,"date":"2021-08-10T20:04:59","date_gmt":"2021-08-10T14:34:59","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=2797"},"modified":"2021-08-13T11:35:07","modified_gmt":"2021-08-13T06:05:07","slug":"alert-new-malware-stole-thousands-of-facebook-accounts-credentials","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/","title":{"rendered":"Alert! New Malware Stole Thousands of Facebook Accounts Credentials"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">A new Android threat that investigators call FlyTrap has been hijacking the Facebook accounts of users in more than 140 countries by stealing their session cookies. The FlyTrap operation relies on simple social engineering tactics to manipulate victims into using their Facebook credentials to log into malicious applications that collect information associated with the social media session.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Investigators at mobile security organization Zimperium analyzed the new piece of malware and discovered that the hijacked data was accessible to anyone who found FlyTrap\u2019s command and control (C2) server.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Luring Victims with High-Quality Applications<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">FlyTrap operations have been running since at least March. The attackers used malicious applications with high-quality design, distributed through Google Play and third-party Android stores.
The lures include offers of free coupon codes (for Netflix, Google AdWords) and voting for a favorite soccer team or player, in tune with the delayed UEFA Euro 2020 competition.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"739\" height=\"1008\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image1.jpg\" alt=\"Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image1\" class=\"wp-image-2799\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image1.jpg 739w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image1-220x300.jpg 220w\" sizes=\"(max-width: 739px) 100vw, 739px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Getting the promised reward required logging into the applications with Facebook credentials, with authentication taking place on the legitimate social media domain. Since the malicious applications use the real Facebook single sign-on (SSO) service, they can\u2019t collect users\u2019 credentials. Instead, FlyTrap relies on JavaScript injection to harvest other sensitive information.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cBy utilizing this technique, the application launches the authorized URL inside a WebView configured with the ability to insert JavaScript code and extracts all the important data such as cookies, user account details, location, and IP address by inserting malicious JS code.\u201d<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">All the data collected this way goes to FlyTrap\u2019s C2 server. More than 10,000 Android users in 144 countries fell victim to this social engineering.
The numbers come straight from the command and control server, which the investigators were able to access because the database with the hijacked Facebook session cookies was exposed to anyone on the internet.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How many Android Users are Infected?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"604\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2-1024x604.jpg\" alt=\"Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2\" class=\"wp-image-2800\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2-1024x604.jpg 1024w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2-300x177.jpg 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2-768x453.jpg 768w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2-1536x905.jpg 1536w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-image2.jpg 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Zimperium\u2019s Aazim Yaswant states in a blog post today that FlyTrap\u2019s C2 server had multiple security vulnerabilities that provided access to the stored data.
The investigator notes that accounts on social media platforms are a common target for threat actors, who can use them for fraudulent purposes such as artificially boosting the popularity of pages, sites, products, misinformation, or a political message.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">He also points out that phishing pages that steal passwords are not the only way to get into the account of an online service. Logging in on the legitimate domain can also come with risks.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">\u201cJust like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent\u201d &#8211; Aazim Yaswant, Android malware researcher, Zimperium.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Despite not using a new tactic, FlyTrap managed to steal a significant number of Facebook accounts. With a few modifications, it could turn into a more dangerous threat for mobile devices, the investigators said.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new Android threat that investigators call FlyTrap has been hijacking the Facebook accounts of users in more than 140 countries by stealing their session cookies.
The FlyTrap operation relies on simple social engineering tactics to manipulate victims into using their Facebook credentials to log into malicious applications that collect information associated with the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2831,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Alert! New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Alert! New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"A new Android threat that investigators call FlyTrap has been hijacking the Facebook accounts of users in more than 140 countries by stealing their session cookies.
The FlyTrap operation relies on simple social engineering tactics to manipulate victims into using their Facebook credentials to log into malicious applications that collect information associated with the [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-10T14:34:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-13T06:05:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-feature-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est.
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Alert! New Malware Stole Thousands of Facebook Accounts Credentials\",\"datePublished\":\"2021-08-10T14:34:59+00:00\",\"dateModified\":\"2021-08-13T06:05:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\"},\"wordCount\":503,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Breaches\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\",\"url\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\",\"name\":\"Alert! 
New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-08-10T14:34:59+00:00\",\"dateModified\":\"2021-08-13T06:05:07+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Alert! New Malware Stole Thousands of Facebook Accounts Credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Alert! New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/","og_locale":"en_US","og_type":"article","og_title":"Alert! 
New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited","og_description":"A new Android threat that investigators call FlyTrap has been hijacking the Facebook accounts of users in more than 140 countries by stealing their session cookies. The FlyTrap operation relies on simple social engineering tactics to manipulate victims into using their Facebook credentials to log into malicious applications that collect information associated with the [&hellip;]","og_url":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-08-10T14:34:59+00:00","article_modified_time":"2021-08-13T06:05:07+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Alert-New-Malware-Stole-Thousands-of-Facebook-Accounts-Credentials-feature-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Alert!
New Malware Stole Thousands of Facebook Accounts Credentials","datePublished":"2021-08-10T14:34:59+00:00","dateModified":"2021-08-13T06:05:07+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/"},"wordCount":503,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Breaches"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/","url":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/","name":"Alert! New Malware Stole Thousands of Facebook Accounts Credentials - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-08-10T14:34:59+00:00","dateModified":"2021-08-13T06:05:07+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/alert-new-malware-stole-thousands-of-facebook-accounts-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Alert! 
New Malware Stole Thousands of Facebook Accounts Credentials"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch 
Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2797"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2797"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2797\/revisions"}],"predecessor-version":[{"id":2801,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2797\/revisions\/2801"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2831"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}