New research has found that over 300,000 Android smartphones have been infected by recently discovered malware called ‘Schoolyard Bully,’ which steals Facebook login information such as email, phone number, password, ID, and name.
The Schoolyard Bully Trojan, which sources claim has been active since 2018, comes in the form of an educational app, primarily targeting students’ devices in Vietnamese.
Innovation Village was able to uncover one of the apps – Giải bài tập bằng camera (screenshot below), which interestingly has a rating of 4.7 out of 5.
Researchers claim the trojan uses JavaScript injection to steal the Facebook credentials. It opens the legitimate URL inside a WebView with the malicious JavaScript injected to extract the user’s phone number, email address and password, then sends them to the configured Firebase C&C.
Another popular trojan disguised as a harmless application is Giải Dįa Lý; according to the report, its Facebook login activity is located in the chat (Trò Chuyện) option.
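For analysts triaging an app's decompiled source, the WebView pattern described above can be flagged by checking for its ingredients together. The sketch below is an added example, not code from the researchers or the NCC-CSIRT advisory; the regex patterns, the scoring, and the sample file names and hosts are assumptions constructed for illustration.

```python
import re

# Heuristic signals for triaging decompiled Android source.
# The patterns and the scoring below are assumptions made for this example.
SIGNALS = {
    "js_enabled": re.compile(r"setJavaScriptEnabled\s*\(\s*true\s*\)"),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r"addJavascriptInterface\s*\("),
    "facebook_login": re.compile(r"https?://(?:m|www|mbasic)\.facebook\.com/login", re.I),
    "firebase": re.compile(r"[\w-]+\.firebaseio\.com", re.I),
}

def scan_source(text):
    """Return the set of signal names present in one source file."""
    return {name for name, rx in SIGNALS.items() if rx.search(text)}

def triage(files):
    """files: {path: source}. Returns (verdict, {path: signals found})."""
    per_file = {p: scan_source(src) for p, src in files.items()}
    per_file = {p: s for p, s in per_file.items() if s}
    app_wide = set().union(*per_file.values())
    # Strongest pattern: one class loads the real login page AND runs its own
    # script in it; a remote datastore or JS bridge gives the data a way out.
    hijack = any({"js_enabled", "js_injection", "facebook_login"} <= s
                 for s in per_file.values())
    if hijack and ("firebase" in app_wide or "js_bridge" in app_wide):
        return "high", per_file
    if hijack:
        return "review", per_file
    return "low", per_file

# Constructed samples: stubs standing in for decompiler output.
SUSPECT = {
    "ChatActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.loadUrl("https://m.facebook.com/login");
        web.evaluateJavascript(SCRIPT, null);  // script body omitted
    ''',
    "Config.java": 'String DB = "https://example-project.firebaseio.com";',
}
BENIGN = {
    "HelpActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.loadUrl("https://help.example.com/faq");
    ''',
    "Sync.java": 'String DB = "https://example-notes.firebaseio.com";',
}

if __name__ == "__main__":
    for name, app in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(app)[0])
```

A "high" or "review" verdict is only a prompt for manual inspection: plenty of legitimate apps enable JavaScript in a WebView or use Firebase, which is why the check requires the injection call and the third-party login URL in the same class.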
“Facebook reaches nearly 2.96 billion monthly users,” according to research, “and continues to be the number one social media platform.”
As attackers leverage the Schoolyard Bully Trojan to gain unauthorized access to credentials, they have far more success accessing financial accounts. Nearly 64% of individuals use the same password that was exposed in a previous breach. With the percentage of users recycling passwords, it is no surprise the Schoolyard Bully Trojan has been active for years.
The Nigeria Communications Commission (NCC), through its Computer Security Incident Response Team (NCC-CSIRT), is now warning smartphone users in Nigeria to be wary of this new malware, which has infected over 300,000 Android devices globally.
In its latest advisory, the NCC-CSIRT reminded Nigerian mobile users to only download applications from official sites and application stores.
The NCC-CSIRT advisory further recommended that users double-check each application, uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store, and use anti-malware applications to routinely scan their devices for malware.
The malicious apps were available on Google Play, but they have already been taken down. However, they still spread via third-party Android app stores.
NCC’s CSIRT (Computer Security Incident Response Team) issued a similar warning last week about a Vidar Stealer, developed specifically for use on Telegram in an attempt to fool users into downloading an installer that seems to be ‘Advanced IP Scanner’ software but actually includes Vidar Malware.
The response team also raised an alarm on the threat posed by a TikTok viral challenge called “Invisible Challenge”.
According to NCC’s Director of Public Affairs, Mr Reuben Muoka, the hackers are using the challenge to spread an information-stealing malware known as WASP stealer, similar to the Vidar Stealer, that steals victims’ passwords, credit card details, cryptocurrency wallets, and personal files and sends them to the threat actor.
Information stolen using WASP malware can be misused to make fraudulent purchases and transactions, steal identities, and more. Depending on the type of hijacked accounts, they can be misused to send spam, deliver malware, access sensitive information, etc.