‘Schoolyard Bully’ Android Trojan Targeted Facebook Credentials of 300,000 Users

The malware, named Schoolyard Bully Trojan by Zimperium, appears to mainly target Vietnam, but the security company is aware of more than 300,000 victims located across 71 countries.

“The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores,” the security firm said.

Active since 2018, Schoolyard Bully has been delivered through innocent-looking Android applications hosted on Google Play and various third-party app stores. Google has removed the malware from its official app store, but the malicious applications are still available on other websites, Zimperium said.

The malware is often hidden inside what appear to be educational applications. Schoolyard Bully relies on JavaScript injections to display phishing pages designed to trick users into handing over their Facebook username and password.

The malware also helps the cybercriminals collect information such as Facebook profile name, Facebook ID, and device details.

Last year, Zimperium detailed a campaign called FlyTrap, which also involved an Android trojan designed to compromise Facebook accounts, and that operation was also linked to Vietnam. However, the company’s researchers believe, based on source code analysis, that FlyTrap and Schoolyard Bully are completely different campaigns.

Zimperium has made available technical information and indicators of compromise (IoCs) that can be used to detect Schoolyard Bully malware.

Leave a Reply

Your email address will not be published.