Malicious Android Apps Attempt to Hack Your Facebook Account

These apps attempt to capture Facebook data such as your ID, location, IP address, and associated cookies, Zimperium explains.
Savvy cybercriminals often use social engineering to try to trick people into installing malware or revealing sensitive information. A malicious campaign discovered by mobile security provider Zimperium found malicious Android apps that used social engineering tactics to gain access to their victims’ Facebook accounts.
Initially available through Google Play and third-party stores, the malicious apps have surfaced in at least 140 countries since March 2021, claiming more than 10,000 victims, Zimperium said in a blog post on Monday. After Zimperium informed Google of the apps in question, the company removed them from Google Play. However, they are still accessible on third-party stores, which means they pose a threat to users who load apps from unofficial sources.
The apps deliver an Android Trojan that Zimperium has named FlyTrap. Attackers start by luring people into downloading the apps with high-quality graphics and polished login screens.
Once installed, the apps attempt to engage users by displaying items designed to spark their interest: a Netflix promo code, a Google AdWords code, or a promotion asking them to vote for their favorite football team in the UEFA Euro 2020 matches.
Users who interact with any of these come-ons are then shown the Facebook login page and prompted to log into their account to collect the promo code or cast their vote. Of course, no code is delivered and no vote is recorded. Instead, a message appears stating that the coupon has expired and is no longer valid.
With access to a victim’s Facebook account, the Trojan kicks in: it opens a legitimate URL and injects a small amount of malicious JavaScript into it. Through that injected code, the Trojan is able to access and extract details of the user’s Facebook account, location, IP address, and cookies. As an additional threat, the command and control server used by the attackers contains security holes that expose all of the stolen session cookies to anyone on the Internet.
To help Android users protect themselves against such malicious apps, Richard Melick, Zimperium’s Director of Product Marketing for Endpoint Security, offers a few tips:
Avoid installing mobile apps from unofficial sources. Although Google has removed some of the malicious apps from its Google Play Store, many are still available through third-party stores and social media where they can spread quickly. As such, users should avoid loading apps or installing them from untrusted sources. Applications accessed in this way have probably not been subjected to security scans and could more easily contain malicious code.
Be vigilant about mobile application activity and requests. Be aware that if you accept an app’s request to log into one of your social media accounts, the app gains full access to, and control over, certain key information.
Remove all suspicious apps. If you think an app could put your data at risk, delete it from your device immediately. If you added the app on Facebook, follow the company’s instructions to remove the app and your associated data.