FlyTrap

FlyTrap is an Android trojan, first detected in March 2021, that uses social engineering tactics to compromise Facebook accounts. FlyTrap was initially detected through infected apps on the Google Play store, and is believed to have impacted over 10,000 victims across at least 140 countries.[1]

ID: S1093
Type: MALWARE
Platforms: Android
Contributors: Pooja Natarajan, NEC Corporation India; Hiroki Nagahama, NEC Corporation; Manikantan Srinivasan, NEC Corporation India
Version: 1.0
Created: 28 September 2023
Last Modified: 16 October 2023

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Mobile | T1437.001 | Application Layer Protocol: Web Protocols | FlyTrap can use HTTP to communicate with the C2 server.[2] |
| Mobile | T1646 | Exfiltration Over C2 Channel | FlyTrap can use HTTP to exfiltrate data to the C2 server.[2] |
| Mobile | T1417.002 | Input Capture: GUI Input Capture | FlyTrap has used infected applications with Facebook login prompts to steal credentials.[1] |
| Mobile | T1430 | Location Tracking | FlyTrap can collect device geolocation data.[1] |
| Mobile | T1409 | Stored Application Data | FlyTrap can collect Facebook account information, such as Facebook ID, email address, cookies, and login tokens.[1][2] |
| Mobile | T1422 | System Network Configuration Discovery | FlyTrap can collect IP address and network configuration information.[1] |
| Mobile | T1422.001 | System Network Configuration Discovery: Internet Connection Discovery | FlyTrap can collect IP address and network configuration information.[1] |

References