Schoolyard Bully: a Facebook Trojan.

Mobile security firm Zimperium has discovered an Android threat, the Schoolyard Bully Trojan. The Trojan has been active since 2018 and primarily targets Vietnamese readers. It can steal credentials from victims’ Facebook accounts, including email, phone number, password, ID and name.

How it works.

The Trojan disguises itself as a reading or educational app, IT World Canada reports. The malware also uses JavaScript injections to display phishing pages designed to look like a Facebook login screen, allowing the victim’s credentials to be stolen. “The Trojan steals these details by using WebView to open a legitimate Facebook login page inside the app and inject malicious JavaScript to extract the user input,” says IT World Canada.
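As an added example (not from Zimperium, IT World Canada or the original article), here is a static triage heuristic for the technique described above: it scans decompiled Java source for a WebView that loads a Facebook login URL with JavaScript enabled and script injected or bridged into the page. The Android API names are real; the weights, threshold and sample snippets are assumptions constructed for illustration.

```python
import re

# Indicators for the behaviour described above: an in-app WebView that loads a
# Facebook login page, has JavaScript enabled, and has script pushed into it.
# The Android API names are real; the weights and threshold are assumptions.
INDICATORS = {
    "js_enabled": (re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"), 1),
    "fb_login_url": (re.compile(r"https?://(?:[\w-]+\.)?facebook\.com/[^\s\"']*login", re.I), 2),
    "js_injection": (re.compile(r"\.evaluateJavascript\(|\.loadUrl\(\s*\"javascript:", re.I), 2),
    "js_bridge": (re.compile(r"\.addJavascriptInterface\("), 2),
}
THRESHOLD = 5


def triage(source: str) -> dict:
    """Score one decompiled class; return matched indicators with line numbers."""
    hits = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, (pattern, _weight) in INDICATORS.items():
            if pattern.search(line):
                hits.setdefault(name, []).append(lineno)
    score = sum(INDICATORS[name][1] for name in hits)
    # A login page alone is common; require script injection or a bridge as well.
    core = "fb_login_url" in hits and ("js_injection" in hits or "js_bridge" in hits)
    return {"score": score, "hits": hits, "suspicious": core and score >= THRESHOLD}


# Constructed samples (not taken from any real app); the script body is elided.
SAMPLE_FLAGGED = '''
WebView view = findViewById(R.id.web);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://m.facebook.com/login.php");
view.loadUrl("javascript:(function(){ /* elided */ })()");
'''

SAMPLE_BENIGN = '''
WebView view = findViewById(R.id.help);
view.getSettings().setJavaScriptEnabled(true);
view.loadUrl("https://example.com/help/login-faq");
'''

if __name__ == "__main__":
    for label, src in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(label, triage(src))
```

String matching of this kind is a first-pass triage step; obfuscated or dynamically loaded code will not match and needs dynamic analysis.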

The bullies are very similar to those involved in FlyTrap.

Zimperium reports similarities between this campaign and one called “FlyTrap,” which involved Vietnamese threat actors creating and distributing applications. While this Trojan targets Vietnamese readers, researchers discovered differences in code samples, leading them to believe that there is no direct connection between FlyTrap and this Trojan.

The schoolyard bully’s victims.

Vietnamese readers are the primary target of the Trojan, but the malware has been seen victimizing over 300,000 people in 71 different countries. Zimperium acknowledges that infected applications still exist in some third-party app stores.

Expert commentary on the Schoolyard Bully Trojan.

Chris Hauk, privacy advocate at Pixel Privacy, recommends using antivirus software:

“Although Google has improved its defenses against malware scanning in the Google Play Store, malicious apps like this still slip into the store and achieve thousands or even millions of downloads before their malicious payloads are detected. Although apps like this can still cause problems in the store, it is still safer than loading apps on your Android device from external sources. I strongly recommend that Android users install and periodically run antivirus and anti-malware apps on their devices. I personally use Malwarebytes, but there are several quality security suites available for Android devices. Malware scanning can help Android users detect previously unknown malicious apps that may be installed on their devices.”

Paul Bischoff, privacy attorney at Comparitech, recommends sticking with the Google Play Store and enabling multi-factor authentication on Facebook:

“If you install a malicious information-stealing app on your device, there is nothing Facebook can do to protect your account from being hacked. Although this was an attack on Facebook users, it does not exploit a Facebook vulnerability. Every Facebook user should set up multi-factor authentication on their accounts to prevent attackers from breaking in, even if they have the password. Unfortunately, Facebook doesn’t require MFA, so many people never turn it on, either out of convenience or ignorance. Android users should stick to apps in the Google Play Store and avoid third-party app stores and APK download sites. Google Play checks all the apps uploaded to it and ensures that you get the authentic, latest version, as opposed to an older vulnerable version or one that is corrupted with malware. Google Play isn’t perfect — apps on Google Play were infected with Schoolyard Bully — but it’s better than the alternatives and quick to act on alerts about a malicious app.”
