"Schoolyard Bully Trojan Apps Stole Facebook Credentials From Over 300,000 Android Users"
A new Android threat campaign called the Schoolyard Bully Trojan has infected over 300,000 users in 71 countries. The malware, which is primarily designed to steal Facebook credentials, is disguised as legitimate education-themed applications in order to trick unsuspecting users into downloading it. The apps, which were previously available for download from the official Google Play Store, have since been removed. Nonetheless, they are still available on third-party app stores. According to Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant, this Trojan steals Facebook credentials via JavaScript injection. It does this by launching Facebook's login page in a WebView and embedding malicious JavaScript code within it to exfiltrate the user's phone number, email address, and password to a configured command-and-control (C2) server. In order to avoid detection by antivirus software, the Schoolyard Bully Trojan also makes use of native libraries such as "libabc.so." While the malware targets Vietnamese language apps, it has also been discovered in a number of other apps available in over 70 countries, highlighting the scope of the attacks. This article continues to discuss the Schoolyard Bully Trojan apps stealing Facebook credentials from more than 300,000 Android users.