SecurityWeek

‘Schoolyard Bully’ Android Trojan Targeted Facebook Credentials of 300,000 Users

Mobile security firm Zimperium is warning of an Android trojan that may have stolen Facebook credentials from a large number of users.

The malware, named Schoolyard Bully Trojan by Zimperium, appears to mainly target Vietnam, but the security company is aware of more than 300,000 victims located across 71 countries.

“The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores,” the security firm said.

Active since 2018, Schoolyard Bully has been delivered through innocent-looking Android applications hosted on Google Play and various third-party app stores. Google has removed the malware from its official app store, but the malicious applications are still available on other websites, Zimperium said.

The malware is often hidden inside what appear to be educational applications. Schoolyard Bully relies on JavaScript injections to display phishing pages designed to trick users into handing over their Facebook username and password.

The malware also helps the cybercriminals collect information such as Facebook profile name, Facebook ID, and device details.

Last year, Zimperium detailed a campaign called FlyTrap, which also involved an Android trojan designed to compromise Facebook accounts, and that operation was also linked to Vietnam. However, the company’s researchers believe, based on source code analysis, that FlyTrap and Schoolyard Bully are completely different campaigns.

Zimperium has made available technical information and indicators of compromise (IoCs) that can be used to detect Schoolyard Bully malware.

Related: ‘MaliBot’ Android Malware Steals Financial, Personal Information

Related: SharkBot Android Malware Continues Popping Up on Google Play

Related: Fake Netflix App Luring Android Users to Malware

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
