Home » Over 300,000 Android users hit by Facebook login-stealing malware

Over 300,000 Android users hit by Facebook login-stealing malware

0 comment

Cybersecurity researchers from Zimperium recently discovered 37 Android apps that were distributing infostealing malware dubbed ‘Schoolyard Bully’.

The apps were initially distributed through the Play Store, but once Google discovered and removed them, they continued their existence on third-party app repositories. 

As such, they still pose a risk today. Combined, the apps were allegedly downloaded 300,000 times in 71 countries around the world. People living in Vietnam seem to be the malware’s number one target, though.
Facebook in the crosshairs

‘Schoolyard Bully’ got its name for masquerading as educational apps. When victims try to run them on their endpoints, they’ll get a legitimate Facebook login popup, but malicious JavaScript code runs in the background to extract whatever the user inputs. 

It can gather Facebook credentials, account IDs, usernames, device names, RAM data and API data.

So far, the researchers haven’t been able to ascertain the threat actor behind the campaign, but they do know that it has been ongoing for at least four years.

Read more

> This Android malware is so dangerous, even Google is worried
> These malicious Android apps have been downloaded over a million times
> Check out the best firewalls around

Facebook passwords are targeted frequently by threat actors for a number of reasons. They can use the platform to distribute more dangerous malware to a large audience, and push fake narratives by commenting and sharing news. 

They can also use the access to launch business email compromise (BEC) attacks and other forms of identity theft.

And since people reuse passwords across different services, they can try and access other accounts belonging to their victims too. 

Users are advised to keep unique passwords across different services, and use multi-factor authentication (MFA) wherever possible. What’s more, they’re advised not to download mobile apps from unverified sources and third-party repositories.

These are the best internet security suites right now

Via: BleepingComputer

Source: Read More

You may also like

Leave a Comment


Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

Laest News

@2021 – All Right Reserved. Designed and Developed by PenciDesign