S1093 FlyTrap
FlyTrap is an Android trojan, first detected in March 2021, that uses social engineering tactics to compromise Facebook accounts. FlyTrap was initially detected through infected apps on the Google Play store, and is believed to have impacted over 10,000 victims across at least 140 countries.[1]
| Item | Value |
|---|---|
| ID | S1093 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 28 September 2023 |
| Last Modified | 16 October 2023 |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1437 | Application Layer Protocol | - |
| mobile | T1437.001 | Web Protocols | FlyTrap can use HTTP to communicate with the C2 server.[2] |
| mobile | T1646 | Exfiltration Over C2 Channel | FlyTrap can use HTTP to exfiltrate data to the C2 server.[2] |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | FlyTrap has used infected applications with Facebook login prompts to steal credentials.[1] |
| mobile | T1430 | Location Tracking | FlyTrap can collect device geolocation data.[1] |
| mobile | T1409 | Stored Application Data | FlyTrap can collect Facebook account information, such as Facebook ID, email address, cookies, and login tokens.[1][2] |
| mobile | T1422 | System Network Configuration Discovery | FlyTrap can collect IP address and network configuration information.[1] |
| mobile | T1422.001 | Internet Connection Discovery | FlyTrap can collect IP address and network configuration information.[1] |
References
1. Trend Micro. (2021, August 17). FlyTrap Android Malware Is Taking Over Facebook Accounts — Protect Yourself With a Malware Scanner. Retrieved September 28, 2023.
2. A. Yaswant. (2021, August 9). FlyTrap Android Malware Compromises Thousands of Facebook Accounts. Retrieved September 28, 2023.