Over 300,000 Android users have fallen victim to a newly discovered user campaign malicious apps to infect their devices with a Trojan that can hacking facebook accounts.
According to a new report (opens in a new tab) from ZimperiumThe Schoolyard Bully Trojan has been active since 2018, although cybercriminals have recently been using seemingly innocent educational apps on the Google Play Store and third-party app stores to distribute it.
Facebook has over 2.96 billion monthly users which is why attackers continue to target the platform and this Trojan is capable of stealing emails, phone numbers, passwords, IDs and full names from it. And since password reuse remains a major problem, stolen Facebook passwords can often be used to gain access to users’ financial accounts.
Using malicious apps to target victims
In this latest campaign, educational apps are used to distribute the Schoolyard Bully Trojan, primarily to those in Vietnam, but users from 70 other countries have also been targeted.
These malicious apps – which have since been removed from the Play Store – include a chat option, although users must log into their Facebook account before using it.
When a user tries to log in, Schoolyard Bully uses JavaScript injection to steal their Facebook credentials, which are then sent to a command and control (C&C) server run by the attackers. The Trojan is also able to escape antivirus software using native libraries to store the C&C data.
According to Zimperium, Android users in countries around the world including the US, Canada, Australia, Brazil, the UK, India and others have been targeted by Schoolyard Bully. However, the actual number of countries may be higher since these malicious apps can still be found in third-party app stores.
How to stay safe from Android Trojans and malware
To avoid having your Facebook and other credentials stolen by hackers, the first thing you should do is avoid installing apps from unofficial app stores and unknown sources. Sideloading apps is one of the many benefits of being an Android user, but it can also be dangerous if you’re not careful.
You also want to make sure of that Google Play Protect is enabled on your Android smartphone, as this built-in app can scan any new apps you download as well as the other apps you have installed for malware. For additional protection, you may want to consider using one of those best android antivirus apps next to it.
Finally, think carefully before installing a new app on your devices. Sure, Google scans them for malware and viruses before uploading them to the Play Store, but bad apps occasionally manage to slip through the cracks. This is why you should read external reviews and look into the app developer before hitting the install button.
The Schoolyard Bully Trojan has been active for over four years now, during which time it has stolen credentials from over 300,000 users. As such, this Trojan will likely continue to be used by cybercriminals to steal passwords and accounts from unsuspecting users.