A new Android trojan called ‘FlyTrap’ is hijacking social media to access user data

A new Android trojan called ‘FlyTrap’ is hijacking social media to access user data
The FlyTrap malware has affected over 10,000 victims globally.Unsplash
  • FlyTrap’ Android trojan managed to get access to user data through social media hijacking, third-party app stores and sideloading apps.
  • It is capable of collecting information like Facebook ID, location, email address, IP and address.
  • The malware posed as apps offering coupon codes for popular services, and also as voting apps.
A new Android trojan has been lurking around since March this year specifically targeting Facebook accounts. Discovered by cybersecurity firm Zimperium, the Android trojan has been dubbed ‘FlyTrap’, and it has so far affected over 10,000 victims across 144 countries including India, and it is said to have been operated by hackers from Vietnam.

The FlyTrap malware posed as apps offering coupon codes and voting apps for the best football team or player. These malicious apps were available on the Google Play Store and third-party app stores as well. The first part of this hacking process is engagement. Users are offered coupons for popular apps like Netflix, and Google Ads coupons as well. The voting apps were about the recent Euro 2020 tournament asking users to choose their favourite team or player, and also whether they plan to watch the match.

Once the engagement part is over, users are shown their Facebook login page and asked to enter their credentials if they want to finish casting their vote or get the coupon code. After users finish this part too they’re given the coupon code but the page instead claims that the coupon code has expired.

Complimentary Tech Event
Discover the future of SaaS in India
The 6-part video series will capture the vision of Indian SaaS leaders and highlight the potential for the sector in the decades to come.Watch on Demand
Our Speakers
Girish Mathrubootham
Brian E. Taptich
“Just like any user manipulation, the high-quality graphics and official-looking login screens are common tactics to have users take action that could reveal sensitive information. In this case, while the user is logging into their official account, the FlyTrap Trojan is hijacking the session information for malicious intent,” Zimperium said in a blog post.

The Android trojan is capable of accessing users’ Facebook ID, location, email address, IP address, and cookie and tokens associated with their Facebook account. Hackers can use the Facebook accounts to further spread malware via messages, and also create disinformation campaigns through the user’s geolocation details.


The findings of this Android trojan were reported to Google and the malicious apps were removed from the Play Store. But Zimperium warns that some of these apps are still available via third-party stores.


This new Android banking malware can screen record everything on your phone
Amazon’s Kindle e-readers could be prone to hacking through malicious e-books