Close Menu
Innovation Village | Technology, Product Reviews, Business
    Facebook X (Twitter) Instagram
    Sunday, June 8
    • About us
      • Authors
    • Contact us
    • Privacy policy
    • Terms of use
    • Advertise
    • Newsletter
    • Post a Job
    • Partners
    Facebook X (Twitter) LinkedIn YouTube WhatsApp
    Innovation Village | Technology, Product Reviews, Business
    • Home
    • Innovation
      • Products
      • Technology
      • Internet of Things
    • Business
      • Agritech
      • Fintech
      • Healthtech
      • Investments
        • Cryptocurrency
      • People
      • Startups
      • Women In Tech
    • Media
      • Entertainment
      • Gaming
    • Reviews
      • Gadgets
      • Apps
      • How To
    • Giveaways
    • Jobs
    Innovation Village | Technology, Product Reviews, Business
    You are at:Home»Android»NCC warns Android device owners of yet another dangerous malware, Schoolyard Bully Trojan

    NCC warns Android device owners of yet another dangerous malware, Schoolyard Bully Trojan

    0
    By Smart Megwai on December 15, 2022 Android, Apps, Cybersecurity, Facebook, Hacks, Social Media, Website

    A new research has found that over 300,000 Android smartphones have been infected by recently discovered malware called ‘Schoolyard Bully,’ which steals Facebook login information such as email, phone number, password, ID, and name.

    The Schoolyard Bully Trojan, which sources claim has been active since 2018, comes in the form of an educational app, primarily targeting students’ devices in Vietnamese.

    Innovation Village was able to uncover one of the apps – Giải bài tập bằng camera (screenshot below), which interestingly has a rating of 4.7 out of 5.

    Researchers claim the trojan uses Javascript injection to steal the Facebook credentials. It opens the legitimate URL inside a WebView with the malicious javascript injected to extract the user’s phone number, email address and password, then sends it to the configured Firebase C&C.

    Another popular trojan which disguises as a non-suspicious application is Giải Dįa Lý, which report says the Facebook login activity is located in the chat (Trò Chuyện) option.

    “Facebook reaches nearly 2.96 billion monthly users,” according to research, “and continues to be the number one social media platform.”

    As attackers leverage the Schoolyard Bully Trojan to gain unauthorized access to credentials, they have far more success accessing financial accounts. Nearly 64% of individuals use the same password that was exposed in a previous breach. With the percentage of users recycling passwords, it is no surprise the Schoolyard Bully Trojan has been active for years.

    The Nigeria Communications Commission (NCC), through its Computer Security Incident Response Team (NCC-CSIRT), is now warning smartphone users in Nigeria to be wary of this new Malware which has infected over 300,000 Android devices globally.

    In its latest advisory, the NCC-CSIRT reminded Nigerian mobile users to only download applications from official sites and application stores.

    The NCC-CSIRT advisory in this regard further recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store and to use anti-malware applications to routinely scan their devices for malware.

    The malicious apps were available on Google Play, yet they have already been taken down. However, they still spread via third-party Android app shops.

    NCC’s CSIRT (Computer Security Incident Response Team) issued a similar warning last week about a Vidar Stealer, developed specifically for use on Telegram in an attempt to fool users into downloading an installer that seems to be ‘Advanced IP Scanner’ software but actually includes Vidar Malware.

    The response team also raised an alarm on the threat posed by a TikTok viral challenge called “Invisible Challenge”.

    According to NCC’s Director of Public Affairs, Mr Reuben Muoka, the hackers are using the challenge to spread an information-stealing malware known as WASP stealer, similar to the Vidar Stealer, that steals victims’ passwords, credit card details, cryptocurrency wallets, and personal files and sends them to the threat actor.

    Information stolen using WASP malware can be misused to make fraudulent purchases and transactions, steal identities, and more. Depending on the type of hijacked accounts, they can be misused to send spam, deliver malware, access sensitive information, etc.

    Related

    Android target for mobile malware Nigerian Communications Commission (NCC) Schoolyard Bully Trojans
    Share. Facebook Twitter Pinterest LinkedIn Email
    Smart Megwai
    • Facebook
    • X (Twitter)
    • Instagram
    • LinkedIn

    Smart is a Tech Writer. His passion for educating people is what drives him to provide practical tech solutions which helps solve everyday tech-related issues.

    Related Posts

    Meta Launches Teen Accounts on Instagram in Nigeria to Enhance Online Safety

    TikTok launches TikTok for Artists to empower Artists’ Growth and fan engagement

    Elon Musk Launches XChat: Can It Compete with WhatsApp and Telegram?

    Leave A Reply Cancel Reply

    You must be logged in to post a comment.

    Copyright ©, 2013-2024 Innovation-Village.com. All Rights Reserved

    Type above and press Enter to search. Press Esc to cancel.

     

    Loading Comments...
     

    You must be logged in to post a comment.