Greater than 300,000 customers throughout 71 international locations have been victimized by a brand new Android risk marketing campaign referred to as the Schoolyard Bully Trojan.
Primarily designed to steal Fb credentials, the malware is camouflaged as professional education-themed functions to lure unsuspecting customers into downloading them.
The apps, which have been out there for obtain from the official Google Play Retailer, have now been taken down. That stated, they nonetheless proceed to be out there on third-party app shops.
“This trojan makes use of JavaScript injection to steal the Fb credentials,” Zimperium researchers Nipun Gupta and Aazim Invoice SE Yaswant stated in a report shared with The Hacker Information.
It achieves this by launching Fb’s login web page in a WebView, which additionally embeds inside it malicious JavasCript code to exfiltrate the consumer’s telephone quantity, e mail tackle, and password to a configured command-and-control (C2) server.
The Schoolyard Bully Trojan additional makes use of native libraries resembling “libabc.so” in order to keep away from detection by antivirus options.
Whereas the malware singles out Vietnamese language functions, it has additionally been found in a number of different apps out there in over 70 international locations, underscoring the size of the assaults.
The findings come greater than a yr after Zimperium unearthed related exercise geared toward compromising Fb accounts by way of rogue Android apps as a part of a marketing campaign codenamed FlyTrap.
“Attackers could cause loads of havoc by stealing Fb passwords,” Richard Melick, director of cell risk intelligence at Zimperium, stated. “If they’ll impersonate somebody from their professional Fb account, it turns into extraordinarily simple to phish pals and different contacts into sending cash or delicate data.”
“It is also very regarding how many individuals reuse the identical passwords. If an attacker steals somebody’s Fb password, there is a excessive chance that very same e mail and password will work with banking or monetary apps, company accounts and a lot extra.”
