Zimperium cybersecurity researchers recently discovered 37 Android apps that were distributing information-stealing malware called “Schoolyard Bully”.
The apps were initially distributed via the Play Store, but when Google discovered and removed them, they still existed in third-party app repositories.
Therefore, they still pose a threat. In total, the apps were allegedly downloaded 300,000 times in 71 countries around the world. However, it seems that the main target of the malware is people living in Vietnam.
Facebook in the crosshairs
“Schoolyard Bully” got its name from pretending to be educational apps. When victims try to run them on their endpoints (opens in a new tab)they will get a valid Facebook login popup, but malicious JavaScript code runs in the background to extract anything the user enters.
It can collect Facebook credentials, account IDs, usernames, device names, RAM data, and API data.
So far, researchers have not been able to determine who is behind this campaign, but they know that it has been going on for at least four years.
Facebook passwords are often targeted by cybercriminals for a number of reasons. They can use the platform to distribute more dangerous malware (opens in a new tab) to a large audience and spread false narratives by commenting and sharing news.
They can also use this access to launch BEC attacks and other forms of identity theft.
And because people reuse passwords across services, they may also try to access other accounts belonging to their victims.
Users are advised to store unique passwords across services and use multi-factor authentication (MFA) where possible. Furthermore, they are advised not to download mobile apps from unverified sources and third party repositories.
By: Beeping Computer (opens in a new tab)