According to experts from Zimperium, Android malware FlyTrap hijacks Facebook accounts in 140 countries around the world by stealing session cookies.
Worse, the researchers found that the stolen information was available to anyone who found the FlyTrap C&C server.
Analysts believe the malware has been active since at least this spring.
Attackers use decoys distributed through Google Play and third-party Android app stores.
As a rule, such a decoy offers the user free coupons (for Netflix, Google AdWords, and so on) or offers to vote for their favorite football team and Euro 2020 player.
The information collected in this way is transmitted to the attackers’ command and control server. At the moment, more than 10,000 Android users in 144 countries of the world have become victims of this malicious campaign.
The exact data and numbers were extracted from the server of the criminals directly, as the researchers found that anyone could get access to it. According to experts, the FlyTrap C&C server had many vulnerabilities that made it easier to access stored information.
The researchers emphasize that phishing pages that steal credentials are not the only tool used by fraudsters. As the FlyTrap example shows, logging in through a legitimate domain can also be risky.
Let me remind you that I also talked about Alien malware that steals passwords from 226 Android apps.