Shawn Smith, director of infrastructure at app security firm nVisium, told Threatpost on Monday that FlyTrap and its ilk show that you don’t need technical vulnerabilities to come up with a winning attack vector: the user can be the vector. “We need to impress the importance of doing a little research before just clicking links,” he said via email.

“This malware spreads mainly by promising coupons and voting for the user’s favorite interests from these links. Other similar and more recent situations like this include a Twitter scandal that involved high-profile accounts being hacked and used to lure people to [give] them money. It’s this social engineering aspect behind these attacks which is the most concerning and dangerous.

“We can only do so much by securing our technology alone, and users need to be educated to spot social engineering attacks so they can better protect themselves and their friends.”

