The Schoolyard Bully Trojan, a new Android threat campaign that has been active since 2018, has been found by Zimperium zLabs. Over 300,000 people have fallen victim to the campaign, which specifically targets Facebook login information.
A recent analysis by Zimperium claims that the operation, which mainly targeted Vietnam, infected victims across 71 different countries.
How the Schoolyard Bully Trojan Works
Researchers say numerous apps that were downloaded from the Google Play Store and other app stores contain the Schoolyard Bully Trojan.
“Disguised as the good guy, these malicious apps known as the ‘Schoolyard Bully Trojan’ are camouflaged as legitimate, educational applications with a wide range of books and topics for their victims to read,” says Zimperium zLabs.
Malicious code hidden within the educational apps allowed them to steal Facebook login information and upload it to the threat actors’ Firebase C&C servers.
Although these apps are no longer accessible through the Google Play Store, they are still accessible through third-party app stores.
Notably, researchers say it’s not surprising that the Schoolyard Bully Trojan has been active for years given the number of users that recycle passwords.
Details Stolen From a Victim’s Facebook Account by the Schoolyard Bully Trojan:
- Email / Phone Number
The malware’s primary objective is to steal Facebook account information, including login information (email and password), account ID, username, device name, RAM, and API.
Further, the malware uses native libraries to hide from the majority of antivirus and machine-learning virus detections.
Therefore, it is recommended to perform a fast risk analysis to make sure your devices are safeguarded from trojan malware.