Heimdal
article featured image

Contents:

A malware campaign designed for Android devices is aiming to steal Facebook accounts users and passwords and has already infected more than 300,000 devices.

The malware acts under the appearance of reading and education apps and has been in function since 2018. During this time, it has successfully functioned across over 70 countries, with Vietnam being its favorite target.

Initially, some of the apps the campaign used for circulating the Schoolyard Bully trojan used to be on Google Play, but although they have been removed from there in time, the app keeps spreading by third-party Android app stores.

How Does the Schoolyard Bully Trojan Act

The Schoolyard Bully easily tricks unaware users to download it, as it pretends to be some legitimate education app. After it was taken down from Google Play, it however remained available on other app stores, so you can still stumble upon such a malicious app.

What the Schoolyard Bully trojan does is use WebView to launch a Facebook login page inside the app, inject malicious Javascript and extract the user`s credentials. With the aid of the Javascript code, the phone number, user`s email address, and password are exfiltrated.

In order to avoid being detected by antiviruses, the Schoolyard Bully uses native libraries such as ”libabc.so”.

How to Avoid Being a Victim of Schoolyard Bully Trojan

No one wants to be that guy whose Facebook account sends weird mass messages to friends and work colleagues. Having your Facebook account credentials revealed opens up lots of possibilities for threat actors to launch a phishing attack, for example.

According to Richard Melick from Zimperium

Attackers can cause a lot of havoc by stealing Facebook passwords. If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information.

Source

Also, because lots if not most people use the same password for different accounts, having their Facebook password exposed could also mean the threat actors gain access to their email, banking app, and other personal goods. So, a good thing to do, if you want to keep your accounts safer, is of course use different passwords for different accounts and change them regularly.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE