More than 300,000 Android users affected by Facebook login-stealing malware

Zimperium cybersecurity researchers recently discovered 37 Android apps distributing information-stealing malware called "Schoolyard Bully."

The apps were initially distributed through the Play Store, but once Google discovered and removed them, they continued to exist in third-party app repositories.

As such, they still pose a risk today. Combined, the apps were downloaded 300,000 times in 71 countries around the world. However, people living in Vietnam appear to be the number one target of the malware.

Facebook in the crosshairs

"Schoolyard Bully" got its name because it impersonates educational apps. When victims try to run them on their endpoints, they get a legitimate Facebook login popup, but malicious JavaScript runs in the background to extract whatever the user enters.

It can collect Facebook credentials, account IDs, usernames, device names, RAM data, and API data.

So far, researchers haven't been able to determine the threat actor behind the campaign, but they know it's been going on for at least four years.

Facebook passwords are a frequent target of threat actors for a number of reasons. They can use the platform to distribute more dangerous malware to a wide audience and spread fake stories by commenting and sharing information.

They can also use the access to launch business email compromise (BEC) attacks and other forms of phishing.

And since people reuse passwords across different services, they can also try to access other accounts belonging to their victims.

Users are encouraged to maintain unique passwords across different services and use multi-factor authentication (MFA) whenever possible. Also, they are advised not to download mobile apps from unverified sources and third-party repositories.

Via: BleepingComputer