Over 300,000 Android users hit by Facebook login-stealing malware
‘Schoolyard Bully’ is targeting people all over the world
Cybersecurity researchers from Zimperium recently discovered 37 Android apps that were distributing infostealing malware dubbed ‘Schoolyard Bully’.
The apps were initially distributed through the Play Store, but once Google discovered and removed them, they continued their existence on third-party app repositories.
As such, they still pose a risk today. Combined, the apps were allegedly downloaded 300,000 times in 71 countries around the world. People living in Vietnam seem to be the malware’s number one target, though.
Facebook in the crosshairs
‘Schoolyard Bully’ got its name for masquerading as educational apps. When victims try to run them on their endpoints, they’ll get a legitimate Facebook login popup, but malicious JavaScript code runs in the background to extract whatever the user inputs.
It can gather Facebook credentials, account IDs, usernames, device names, RAM data and API data.
So far, the researchers haven’t been able to ascertain the threat actor behind the campaign, but they do know that it has been ongoing for at least four years.
Facebook passwords are targeted frequently by threat actors for a number of reasons. They can use the platform to distribute more dangerous malware to a large audience, and push fake narratives by commenting and sharing news.
They can also use the access to launch business email compromise (BEC) attacks and other forms of identity theft.
And since people reuse passwords across different services, they can try and access other accounts belonging to their victims too.
Users are advised to keep unique passwords across different services, and use multi-factor authentication (MFA) wherever possible. What’s more, they’re advised not to download mobile apps from unverified sources and third-party repositories.
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.