• A malware called FlyTrap was traced to operators in Vietnam
  • It's part of a family of Trojans that take over Facebook accounts via social engineering
  • It tricks users into downloading malicious apps before trying to access their accounts

A new Android malware previously distributed through apps listed on Google Play Store has compromised more than 10,000 Facebook accounts across 144 countries since March, according to a new report from mobile technology security company Zimperium.

The new malware dubbed FlyTrap, which has already spread across hundreds of countries was traced to operators in Vietnam, Zimperium reported Monday. The malware is said to belong to a family of Trojans that use social engineering to take over Facebook accounts.

The hi-jacking campaign was initially spread through malicious apps available on Google Play Store and third-party app stores. According to cybersecurity researchers of the firm, FlyTrap used various types of mobile apps that promised to give away "free Netflix coupon codes, Google AdWords coupon codes, and voting for the best football (soccer) team or player."

Facebook says it has blocked the opening by which hackers stole data belonging to 530 million users
Facebook says it has blocked the opening by which hackers stole data belonging to 530 million users AFP / Lionel BONAVENTURE

The firm said the malware "tricked users into downloading and trusting the application with high-quality designs and social engineering" before trying to access their Facebook accounts. Google Play removed the malicious apps upon receiving information from Zimperium.

However, according to the tech firm, unsecured third-party app stores still distribute the said malicious apps, which include GG Voucher (com.luxcarad.cardid), Vote European Football (com.gardenguides.plantingfree), GG Coupon Ads (com.free_coupon.gg_free_coupon), GG Voucher Ads (com.m_application.app_moi_6), GG Voucher (, Chatfuel (com.ynsuper.chatfuel), Net Coupon (com.free_coupon.net_coupon), Net Coupon ( and EURO 2021 Official (com.euro2021).

These apps reportedly pose a threat to the social identity of victims by hijacking their Facebook accounts using a Trojan that infects Android devices. Details such as location, email address, IP address, Facebook ID and tokens and certificates linked with the Facebook account are then collected from the victim's device.

Moreover, malicious actors can also use hijacked Facebook sessions to spread the malware by abusing the owner's social credibility. This is possible by sending personal messages with links to the malware using the victim's account. Hackers can also propagate disinformation campaigns or propaganda by just accessing the victim's geolocation details.

Unfortunately, FlyTrap is just one of the active threats that are designed to steal information by infecting mobile devices. Mobile endpoints are usually the mother lode of login information associated with banking applications, social media accounts, enterprise tools and a lot more.