Trojan Steals Facebook Credentials From Over 300K Android Users
A new Android campaign called Schoolyard Bully has spread to over 300,000 Facebook users. The trojan has been found in applications downloaded from the Google Play store and third-party app stores.
Schoolyard Bully disguises itself as an educational application primarily targeting Vietnamese readers.
Zimperium Researchers said The trojan uses Javascript injection to steal Facebook credentials. The Trojan opens the legitimate URL inside a WebView with the malicious javascript injected to extract the user’s phone number, email address, and password then sends it to the configured Firebase C&C.
Even though the primary victim group is Vietnamese, Zimperium Research has found over 300,000 victims in over 71 countries. The number of counties could be more than what was accounted for because the applications are still being found in third-party app stores.