Security News > 2022 > December > Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users
More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.
Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
"This trojan uses JavaScript injection to steal the Facebook credentials," Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a report shared with The Hacker News.
While the malware singles out Vietnamese language applications, it has also been discovered in several other apps available in over 70 countries, underscoring the scale of the attacks.
The findings come more than a year after Zimperium unearthed similar activity aimed at compromising Facebook accounts through rogue Android apps as part of a campaign codenamed FlyTrap.
"Attackers can cause a lot of havoc by stealing Facebook passwords," Richard Melick, director of mobile threat intelligence at Zimperium, said.
News URL
http://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html
Related news
- Vultur Android Banking Trojan Returns with Upgraded Remote Control Capabilities (source)
- Mispadu Trojan Targets Europe, Thousands of Credentials Compromised (source)
- New Android Trojan 'SoumniBot' Evades Detection with Clever Tricks (source)
- Malicious Android Apps Pose as Google, Instagram, WhatsApp, to Steal Credentials (source)