Contents:
A malware campaign designed for Android devices is aiming to steal Facebook accounts users and passwords and has already infected more than 300,000 devices.
The malware acts under the appearance of reading and education apps and has been in function since 2018. During this time, it has successfully functioned across over 70 countries, with Vietnam being its favorite target.
Initially, some of the apps the campaign used for circulating the Schoolyard Bully trojan used to be on Google Play, but although they have been removed from there in time, the app keeps spreading by third-party Android app stores.
How Does the Schoolyard Bully Trojan Act
The Schoolyard Bully easily tricks unaware users to download it, as it pretends to be some legitimate education app. After it was taken down from Google Play, it however remained available on other app stores, so you can still stumble upon such a malicious app.
What the Schoolyard Bully trojan does is use WebView to launch a Facebook login page inside the app, inject malicious Javascript and extract the user`s credentials. With the aid of the Javascript code, the phone number, user`s email address, and password are exfiltrated.
In order to avoid being detected by antiviruses, the Schoolyard Bully uses native libraries such as ”libabc.so”.
How to Avoid Being a Victim of Schoolyard Bully Trojan
No one wants to be that guy whose Facebook account sends weird mass messages to friends and work colleagues. Having your Facebook account credentials revealed opens up lots of possibilities for threat actors to launch a phishing attack, for example.
According to Richard Melick from Zimperium
Attackers can cause a lot of havoc by stealing Facebook passwords. If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information.
Also, because lots if not most people use the same password for different accounts, having their Facebook password exposed could also mean the threat actors gain access to their email, banking app, and other personal goods. So, a good thing to do, if you want to keep your accounts safer, is of course use different passwords for different accounts and change them regularly.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.