
Android malware infects 300,000 devices to steal Facebook accounts

A security report states that a malware campaign targeting the Android operating system, masquerading as reading and education applications, has been active since 2018 and attempts to steal Facebook login data from infected devices.

According to a Zimperium report, the campaign infected at least 300,000 devices in 71 countries, with a focus on Vietnam.

Zimperium reported that some of the apps used to spread the Trojan, which the company dubbed Schoolyard Bully, were previously on the Google Play Store, but have been removed.

However, Zimperium warns that apps are still proliferating through third-party Android app stores.

Map of target countries

The company said it named the malicious program Schoolyard Bully because it disguises itself as a useful and harmless educational application, while its main goal is to steal Facebook account credentials, such as email, password, account ID, username, device name, device RAM, and the device API.

According to the report, the Android malware steals these details by opening a legitimate Facebook login page within the app using WebView pages and inserting malicious JavaScript code to extract user input.

Fake web page

Furthermore, the malware uses native libraries to hide its malicious code from security software and analysis tools.
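For defenders triaging decompiled Android apps, the behaviour described above (a Facebook page loaded in a WebView with script injected into it, plus native library loading) can be turned into a static heuristic. The following is an added example, not code from Zimperium's report or from the malware; the Android method names are real, while the rule, the function names and the sample sources are assumptions constructed for illustration.

```python
import re

# Android WebView/JNI method names are real; the rule and its weighting are assumptions.
SIGNALS = {
    "js_enabled": re.compile(r'setJavaScriptEnabled\s*\(\s*true\s*\)'),
    "js_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
    "fb_url": re.compile(r'https?://(?:[\w-]+\.)*facebook\.com\b', re.I),
    "native_lib": re.compile(r'System\.loadLibrary\s*\('),
}

def scan_source(text):
    """Return the names of the signals found in one decompiled source file."""
    return {name for name, rx in SIGNALS.items() if rx.search(text)}

def triage(sources):
    """sources maps path -> decompiled text. Flags an app that loads a Facebook
    page in a script-enabled WebView and also injects script or exposes a bridge."""
    hits = {path: scan_source(text) for path, text in sources.items()}
    seen = set().union(*hits.values())
    injects = bool(seen & {"js_injection", "js_bridge"})
    return {
        "suspicious": {"js_enabled", "fb_url"} <= seen and injects,
        "signals": sorted(seen),
        "files": {p: sorted(s) for p, s in hits.items() if s},
    }

# Constructed samples, not code recovered from the campaign.
SAMPLE_SUSPICIOUS = {
    "LoginActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.loadUrl("https://m.facebook.com/login");
        web.evaluateJavascript(NativeBridge.script(), null);
    ''',
    "NativeBridge.java": 'static { System.loadLibrary("placeholder"); }',
}
SAMPLE_BENIGN = {
    "HelpActivity.java": '''
        web.getSettings().setJavaScriptEnabled(true);
        web.loadUrl("https://example.org/help");
    ''',
}

if __name__ == "__main__":
    for name, app in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(name, triage(app))
```

A match is a lead for manual review, not a verdict. Because the report says the malicious code is hidden in native libraries, URL or script strings may not appear in the Java sources at all, so a `native_lib` hit beside a script-enabled WebView is a reason to inspect the bundled `.so` files as well.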

Zimperium says its telemetry data shows this malware on the devices of 300,000 victims in 71 countries. Because 37 apps related to this campaign are being distributed via third-party app stores, and there is no reliable way to measure the number of victims on these platforms, the actual number of victims is likely to be higher.

Zimperium also warns that there may be more apps in addition to those discovered by its researchers behind this campaign.

The company said the threat actors behind Schoolyard Bully are unknown, but that analysts were able to determine that the malware is not linked to Operation FlyTrap, which attempted to hijack Facebook accounts and focused on Vietnam.