Researchers at the zLabs team at mobile security company Zimperium have uncovered a new Android Trojan that’s goal is to hijack the social media profiles of its victims. The malware has been dubbed FlyTrap and has affected over 140 countries since March 2021 and spread to over 10,000 victims. By using a lure in a phishing email, the threat actors trick victims into signing into their Facebook account through Facebook’s Single Sign-On (SSO) and proceeds to steal personal details such as location, IP Address, and injects malicious JavaScript code onto the victim’s device. The malware spreads using the victim’s social media credibility through personal messaging with links to the Trojan, as well as spreading propaganda or disinformation campaigns. Since FlyTrap uses Facebook’s legitimate SSO, it does not allow the threat actor to steal the login credentials for the account. All the stolen information from victims is sent to the Command and Control (C2) server that is run by the threat actors. Researchers found that the C2 servers were not probably secured, allowing anyone to access the information on them. The threat actor is believed to be based out of Vietnam. Researchers informed Google of the trojan, and they removed the malicious apps spreading the malware from the Google Play Store, but some apps are still available on third-party stores.