‘Schoolyard Bully’ Android trojan revealed, it affected over 300,000 people

Hotstar in UAE
Hotstar in UAE

Zimperium has managed to discover yet another nasty Android trojan. This time around we’re looking at the so-called ‘Schoolyard Bully’ Android trojan, which managed to affect over 300,000 users to this day.

‘Schoolyard Bully’ Android trojan wants to steal your Facebook credentials

The company went on to explain that this trojan actually targets your Facebook credentials. It has been doing so since 2018, so for quite some time now. It can be found in numerous educational applications that have been downloaded from the Google Play Store and third-party app stores.

Do note that the apps hiding the Schoolyard Bully trojan have been removed from the Google Play Store. They do still lurk around third-party app stores, so be extra careful if you’re using any.

“Attackers can cause a lot of havoc by stealing Facebook passwords. If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information”, said Rochard Melick, Director of Mobile Threat Intelligence at Zimperium.

This trojan reached 71 countries thus far, and over 300,000 users

Zimperium went on to explain that this trojan targets mainly Vietnamese language applications, but it’s not exclusive to those. It has actually been spotted in 71 countries up until now, so its reach is quite wide.

This trojan is quite sneaky. It uses native libraries to hide from antivirus software, and machine learning virus detections. It uses the same technique to store the command and control data.

If you installed an app that has this trojan in it, you’re at risk of losing your Facebook identity, in a way. This trojan can steal your Facebook email, phone number, password, ID, and name.

Considering that Facebook has almost 3 billion monthly active users, this trojan has plenty of users to target. Many users who downloaded a malicious educational app probably have a Facebook account, and an app installed on their phone.

You should always be careful when installing unknown apps, especially from third-party app stores. The same goes for granting permissions to those apps.

2022-12-01 15:10:56