‘Schoolyard Bully’ Android Trojan Targeted Facebook Credentials of 300,000 Users
House › Cellular Safety
‘Schoolyard Bully’ Android Trojan Focused Fb Credentials of 300,000 Customers
By Eduard Kovacs on December 01, 2022
Tweet
Cellular safety agency Zimperium is warning of an Android trojan that will have stolen Fb credentials from numerous customers.
The malware, named Schoolyard Bully Trojan by Zimperium, seems to primarily goal Vietnam, however the safety firm is conscious of greater than 300,000 victims positioned throughout 71 nations.
“The precise variety of nations might be greater than what was accounted for as a result of the functions are nonetheless being present in third-party app shops,” the safety agency mentioned.
Lively since 2018, Schoolyard Bully has been delivered by innocent-looking Android functions hosted on Google Play and numerous third-party app shops. Google has eliminated the malware from its official app retailer, however the malicious functions are nonetheless obtainable on different web sites, Zimperium mentioned.
The malware is commonly hidden inside what look like instructional functions. Schoolyard Bully depends on JavaScript injections to show phishing pages designed to trick customers into handing over their Fb username and password.
The malware additionally helps the cybercriminals accumulate data comparable to Fb profile identify, Fb ID, and system particulars.
Final 12 months, Zimperium detailed a marketing campaign known as FlyTrap, which additionally concerned an Android trojan designed to compromise Fb accounts, and that operation was additionally linked to Vietnam. Nonetheless, the corporate’s researchers imagine, primarily based on supply code evaluation, that FlyTrap and Schoolyard Bully are fully completely different campaigns.
Zimperium has made obtainable technical data and indicators of compromise (IoCs) that can be utilized to detect Schoolyard Bully malware.
Associated: ‘MaliBot’ Android Malware Steals Monetary, Private Info
Associated: SharkBot Android Malware Continues Popping Up on Google Play
Associated: Faux Netflix App Luring Android Customers to Malware
Get the Every day Briefing
- Most Current
- Most Learn
- ‘Schoolyard Bully’ Android Trojan Focused Fb Credentials of 300,000 Customers
- Buyers Double Down on Pangea Cyber API Safety Guess
- Albanian IT Workers Charged With Negligence Over Cyberattack
- A number of Automobile Manufacturers Uncovered to Hacking by Flaw in Sirius XM Linked Automobile Service
- GoTo, LastPass Notify Clients of New Information Breach Associated to Earlier Incident
- El Salvador Journalists Sue NSO Group in US Over Alleged Pegasus Assaults
- Nvidia Patches Many Vulnerabilities in Home windows, Linux Show Drivers
- Vulnerabilities in Well-liked Keyboard and Mouse Android Apps Expose Consumer Information
- Vanuatu Struggles Again On-line After Cyberattack
- Hackers Dump Australian Well being Information On-line, Declare ‘Case Closed’
On the lookout for Malware in All of the Fallacious Locations?
First Step For The Web’s subsequent 25 years: Including Safety to the DNS
Tattle Story: What Your Pc Says About You
Be in a Place to Act By way of Cyber Situational Consciousness
Report Reveals Closely Regulated Industries Letting Social Networking Apps Run Rampant
2010, A Nice 12 months To Be a Scammer.
Do not Let DNS be Your Single Level of Failure
How one can Establish Malware in a Blink
Defining and Debating Cyber Warfare
The 5 A’s that Make Cybercrime so Engaging
How one can Defend In opposition to DDoS Assaults
Safety Budgets Not in Line with Threats
Anycast – Three Causes Why Your DNS Community Ought to Use It
The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Pondering Organizations
Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise
