Trojan Steals Facebook Details from Over 300K Victims


A newly discovered Trojan has stolen Facebook logins from over 300,000 users in a campaign lasting four years, according to Zimperium.

The security vendor claimed to have found the “Schoolyard Bully” malware hidden in several applications available on both Google Play and third-party app stores.

“Even though these apps have now been removed from Google Play Store, they are still available on third-party app stores waiting to shake down their next student victim,” the firm warned.

The malware is designed to steal the email, phone number, Facebook password, ID and name of its victims, and is hidden in benign-looking educational applications, Zimperium explained.

“This Trojan uses Javascript injection to steal the Facebook credentials,” it added. “The Trojan opens the legitimate URL inside a WebView with the malicious Javascript injected to extract the user’s phone number, email address and password, then sends it to the configured Firebase C&C.”

It uses native libraries to stay hidden from most AV and machine learning detection tools, and to store its C&C data.

Although focused on Vietnam, the long-running campaign has been infecting users in 71 countries since 2018, Zimperium added.

“The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores,” the security vendor said.

Malicious applications continue to flourish in the Android ecosystem, despite Google’s best efforts to police the Play store. Just last month, researchers discovered a new banking Trojan dubbed “Vultur” which garnered 100,000 downloads on Google Play.

Editorial credit header image: Daniel Chetroni /

Products You May Like

Articles You May Like

U.K. Hacker Linked to Notorious Scattered Spider Group Arrested in Spain
Chinese Actor SecShow Conducts Massive DNS Probing on Global Scale
ESET Research Podcast: APT Activity Report Q4 2023–Q1 2024
Arid Viper Hackers Spy in Egypt and Palestine Using Android Spyware
New Attack Technique ‘Sleepy Pickle’ Targets Machine Learning Models

Leave a Reply

Your email address will not be published. Required fields are marked *