More than 10,000 victims across 144 countries have been impacted by the novel Android trojan dubbed "FlyTrap," which has been distributed via "social media hijacking, third-party app stores, and sideloaded applications" since March, ZDNet reports.
Zimperium researchers said that FlyTrap leverages social engineering methods to allow Facebook account compromise to infect Android devices and exfiltrate victims' Facebook IDs, emails and IP and email addresses, and locations, as well as Facebook account-linked cookies and tokens.
Vietnam-based groups developed the malware, which has been distributed through Google Play and other app stores, according to researchers. While Google has already removed all applications with the malware on its app store, third-party app stores are still offering three of the malicious apps, said the report.
"FlyTrap is just one example of the ongoing, active threats against mobile devices aimed at stealing credentials... The tools and techniques used by FlyTrap are not novel but are effective due to the lack of advanced mobile endpoint security on these devices. It would not take much for a malicious party to take FlyTrap or any other Trojan and modify it to target even more critical information," researchers said.
Public and private partnerships are key for the nation's safety, stability and security, and depend on the resilience of U.S. critical infrastructure and the strength of its cybersecurity community, says CyberRisk Alliance's executive vice president for collaboration / CISO communities.
SecurityWeek reports that Cisco's Identity Services Engine is being impacted by four security flaws, which could enable arbitrary command injection, security protection evasion, and cross-site scripting attacks.