Trojan Apps Stole Facebook Credentials From Over 300,000 Android Users

A new case of deploying malware into the victim’s system to steal sensitive information from Facebook has been recorded.

 


A new malware program for Android phones, the Schoolyard Bully Trojan, has affected more than 300,000 people in 71 countries.

This malware is mainly intended to steal Facebook credentials from unsuspecting users. It is disguised as legitimate educational applications designed to trick users into downloading the malware without realizing that they are doing so. 

This week, it was announced that the apps had been removed from the official Google Play Store, where they had been available for download. However, it is still possible to download them from third-party app stores. 

According to Zimperium researchers Nipun Gupta and Aazim Bill SE Yashwant, this trojan uses JavaScript injection to steal Facebook credentials. It launches the Facebook login page within a WebView that also carries malicious JavaScript code. That code encrypts and exfiltrates the user's phone number, email address, and password, which are then forwarded to one of the command-and-control (C2) servers in just one click.

The Schoolyard Bully Trojan also uses native libraries, such as "libabc.so", to avoid detection by antivirus software.
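A static-triage heuristic for the pattern described in the two paragraphs above (the Facebook login page loaded in a WebView that the app can script, alongside a native library), as an added example that is not from Zimperium or the original post. The regexes, the verdict rules and the sample snippets are constructed assumptions; the Android API names are real.

```python
import re

# Heuristic indicators for the behaviour described above. The regexes and the
# verdict rules are assumptions of this example, not Zimperium's signatures.
INDICATORS = {
    "fb_login_in_webview": re.compile(
        r'loadUrl\(\s*"https?://(?:m\.|www\.)?facebook\.com/[^"]*login', re.I),
    "js_enabled": re.compile(r"setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injected": re.compile(r'evaluateJavascript\(|loadUrl\(\s*"javascript:', re.I),
    "js_bridge": re.compile(r"addJavascriptInterface\("),
    "native_lib": re.compile(r"System\.loadLibrary\("),
}

def triage(source: str) -> dict:
    """Scan decompiled Java source text and return indicator hits plus a verdict."""
    hits = {name: bool(rx.search(source)) for name, rx in INDICATORS.items()}
    scripted = hits["js_enabled"] and (hits["js_injected"] or hits["js_bridge"])
    if hits["fb_login_in_webview"] and scripted:
        verdict = "suspicious"   # app can read what is typed into the login form
    elif hits["fb_login_in_webview"]:
        verdict = "review"       # embedded login, but no script access seen
    else:
        verdict = "clean"        # native code or JavaScript alone is not a signal
    return {"hits": hits, "verdict": verdict}

# Constructed samples (not taken from any real app).
SAMPLE_EMBEDDED_LOGIN = '''
WebView w = findViewById(R.id.web);
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://m.facebook.com/login.php");
w.evaluateJavascript(script, null);
System.loadLibrary("abc");
'''
SAMPLE_BROWSER_LOGIN = '''
startActivity(new Intent(Intent.ACTION_VIEW, Uri.parse("https://m.facebook.com/login.php")));
System.loadLibrary("imagefilter");
'''
SAMPLE_OWN_SITE = '''
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl("https://lessons.example/index.html");
w.evaluateJavascript("renderQuiz()", null);
'''

if __name__ == "__main__":
    for name, src in [("embedded", SAMPLE_EMBEDDED_LOGIN),
                      ("browser", SAMPLE_BROWSER_LOGIN),
                      ("own-site", SAMPLE_OWN_SITE)]:
        print(name, triage(src)["verdict"])
```

The native-library hit is reported but never decides the verdict on its own, since many legitimate apps ship native code.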

Aside from Vietnamese-language apps, the malware has also been detected in several other apps from over 70 countries, underscoring the global scope and scale of the problem. 

Zimperium discovered similar activity in the past year in a campaign codenamed FlyTrap. This involved rogue Android apps delivering spam messages intended to compromise Facebook accounts through Twitter accounts and Instant Messages.

In a recent report by Zimperium, Richard Melick, director of mobile threat intelligence at Zimperium, stated that hackers have the potential to wreak havoc if they steal Facebook passwords. It becomes effortless for phishers to exploit friends and other contacts if they can impersonate someone from their legitimate Facebook account. Consequently, they can be tricked into sending money or sensitive information to fraudsters. 

Users' tendency to reuse the same passwords makes them more vulnerable once an attacker has acquired their Facebook password. The attacker can use it to try to access banking or financial apps, corporate accounts, web browsing, etc. If someone steals one's Facebook password, there is a high likelihood that the same password will also work with other apps or services.

Social media has become popular across every sector and age group. As the number of social media users grows rapidly, caution while using social media should grow as well. There are several cyber-attack cases where malicious actors attacked the victim's social media to steal sensitive information. Social media is a necessity in current times, so to use it without becoming a victim, you need to protect your accounts from such attacks. There are some points you can follow:
  • Prefer using stronger passwords.
  • Use different passwords for different platforms.
  • Enable two-step authentication security.

Malware and Trojans on Android: How to Avoid Them

As a first step, you should avoid installing apps from unofficial app stores and unknown sources. This will prevent your Facebook and other credentials from being stolen by hackers. The ability to sideload apps is one of the perks of using an Android device, but if caution is not exercised, it may result in harm. 

It is also wise to ensure that Google Play Protect is enabled on your Android device. It can scan newly downloaded apps and other installed apps for malware. Aside from Play Protect, you can also consider using one of the most effective Android antivirus applications to provide additional protection.

Additionally, be mindful before updating any apps on your device. While Google works to ensure that the apps on the Play Store are free of malware and viruses, it is still possible for malicious apps to creep their way into the store. To avoid this, it is recommended to read external reviews of an app before you decide to install it. You can also look at the app's developer before downloading it.

A Trojan horse, Schoolyard Bully, was prominent on the Internet over four years ago. During that time, it was successful in stealing over 300,000 user credentials from users who were infected with it. Therefore, it is probable that cybercriminals will continue to use Trojans to steal passwords and account information from unsuspecting users as long as they continue to exist.
