Over 300,000 Android users hit by Facebook login-stealing malware


Cybersecurity researchers from Zimperium recently discovered 37 Android apps that were distributing infostealing malware dubbed 'Schoolyard Bully'.

The apps were initially distributed through the Play Store, but once Google discovered and removed them, they remained available on third-party app repositories.

As such, they still pose a risk today. Combined, the apps were allegedly downloaded 300,000 times in 71 countries around the world. People living in Vietnam seem to be the malware’s number one target, though.

Facebook in the crosshairs

'Schoolyard Bully' got its name from masquerading as educational apps. When victims run one of these apps on their devices, they see a legitimate Facebook login popup, but malicious JavaScript code runs in the background to extract whatever the user inputs.

It can gather Facebook credentials, account IDs, usernames, device names, RAM data and API data.

So far, the researchers haven’t been able to ascertain the threat actor behind the campaign, but they do know that it has been ongoing for at least four years.

Facebook passwords are targeted frequently by threat actors for a number of reasons. They can use the platform to distribute more dangerous malware to a large audience, and push fake narratives by commenting and sharing news. 

They can also use the access to launch business email compromise (BEC) attacks and other forms of identity theft.

And since people reuse passwords across different services, attackers can also try to access other accounts belonging to their victims.

Users are advised to keep unique passwords across different services, and use multi-factor authentication (MFA) wherever possible. What’s more, they’re advised not to download mobile apps from unverified sources and third-party repositories.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.