Android malware discovered that has been stealing Facebook accounts since 2018

Thanks to the mobile security firm Zimperium, we now know that a Trojan-type malware, which they have named "Schoolyard Bully", has been operating since 2018, targeting Android mobile devices to steal Facebook account access credentials, additional data from user accounts, and even data about the infected Android devices.

Its name comes from the fact that the malware masquerades as legitimate educational apps, which were even available in the Google Play Store. Although they have already been removed, it is still possible to encounter this malware via rogue apps on third-party app stores.

The researchers estimate that the malware has affected more than 300,000 Android users, although the number may be higher, in 71 countries, including Spain, although Vietnam is the country most affected by this malware.

"Once the device has been infected, and without the affected users knowing about it, the malware opens a Facebook login page in the native app itself using WebView and injects malicious JavaScript code via the evaluateJavascript method to steal user data," explains the security firm.

They add that:

"The JavaScript code extracts the value of the elements with ids ‘m_login_email’ and ‘m_login_password’, which are placeholders for the phone number, email address and password."

Furthermore, this malware has made use of native libraries to hide its malicious code from security applications and tools. Therefore, those affected have not become aware of having been infected with the malware.
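For defenders triaging an app, the two details above combine into one check: the `evaluateJavascript` call may sit in the DEX bytecode while the login field ids sit in a native library. The following is an added example, not Zimperium's tooling or code from the original article; the function names and the sample archives are constructed for illustration, and it assumes the strings are stored in plaintext.

```python
import io
import zipfile

# Identifiers quoted in the article; everything else here is an assumption.
FIELD_IDS = ("m_login_email", "m_login_password")
INJECT_API = "evaluateJavascript"


def scan_apk(apk_bytes):
    """Return {indicator: [archive members containing it]} for one APK."""
    hits = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            # Only code containers: DEX bytecode and native libraries.
            if not name.endswith((".dex", ".so")):
                continue
            blob = apk.read(name)
            for needle in FIELD_IDS + (INJECT_API,):
                if needle.encode() in blob:
                    hits.setdefault(needle, []).append(name)
    return hits


def verdict(hits):
    """Correlate across files: the API alone is common in legitimate apps."""
    has_ids = all(field in hits for field in FIELD_IDS)
    if has_ids and INJECT_API in hits:
        return "suspicious"  # JS injection API plus both login field ids
    return "review" if has_ids else "clean"


def _build_sample(members):
    """Constructed sample: a zip with fake .dex/.so payloads, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    return buf.getvalue()


SAMPLE = _build_sample({
    "classes.dex": b"dex\n035\x00Landroid/webkit/WebView;\x00evaluateJavascript\x00",
    "lib/arm64-v8a/libdemo.so": b"\x7fELF\x02\x01\x00m_login_email\x00\x01m_login_password\x00",
    "assets/readme.txt": b"m_login_email in a non-code asset is ignored",
})
BENIGN = _build_sample({"classes.dex": b"dex\n035\x00evaluateJavascript\x00"})

if __name__ == "__main__":
    print(scan_apk(SAMPLE), verdict(scan_apk(SAMPLE)))
    print(scan_apk(BENIGN), verdict(scan_apk(BENIGN)))
```

A "suspicious" result is a lead for manual analysis, not proof of infection, and a sample that encodes or encrypts these strings will not match.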

Mobile security firm Zimperium notes that, in addition to the 37 applications associated with the malware as part of the attackers' campaign, there could be other malicious applications not yet detected. It is unknown who may be behind this malware, although the firm ruled out any relation to the FlyTrap operation, which also attempted to steal Facebook accounts and focused on Vietnam.

So it's time to review your accounts for any unusual activity, although it never hurts to change passwords periodically.

More information: Zimperium