Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

Dec 01, 2022 | Ravie Lakshmanan | Mobile Threat Advisory


More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.

Primarily designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.

The apps, which were available for download from the official Google Play Store, have now been taken down. That said, they still continue to be available on third-party app stores.

“This trojan uses JavaScript injection to steal the Facebook credentials,” Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a report shared with The Hacker News.

It achieves this by launching Facebook’s login page in a WebView, which also embeds within it malicious JavaScript code to exfiltrate the user’s phone number, email address, and password to a configured command-and-control (C2) server.
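
A static triage heuristic for the pattern described above, as an added example that is not from Zimperium's report or The Hacker News: it flags a decompiled Java class in which a WebView loads a Facebook login URL and the same file also injects script or registers a JavaScript bridge. The host list, function names and sample sources are constructed for illustration.

```python
import re

# Hosts whose login pages an unrelated app has no reason to script (assumed list).
LOGIN_HOSTS = ("facebook.com",)

# WebView API calls the heuristic looks for in decompiled Java source.
LOAD_URL = re.compile(r'\.loadUrl\(\s*"(https?://[^"]+)"')
INJECTION = {
    "evaluateJavascript": re.compile(r'\.evaluateJavascript\s*\('),
    "javascript: URL": re.compile(r'\.loadUrl\(\s*"javascript:', re.I),
    "addJavascriptInterface": re.compile(r'\.addJavascriptInterface\s*\('),
}

def host_of(url):
    """Extract the lowercase host from an http(s) URL string."""
    return re.sub(r'^https?://', '', url).split('/')[0].split(':')[0].lower()

def triage(source):
    """Report login pages loaded and script-injection calls found in one
    decompiled class, with line numbers; flag only when both are present."""
    logins, injections = [], []
    for no, line in enumerate(source.splitlines(), 1):
        m = LOAD_URL.search(line)
        if m:
            host = host_of(m.group(1))
            # Exact host or true subdomain only, so lookalike domains do not match.
            if any(host == h or host.endswith("." + h) for h in LOGIN_HOSTS):
                logins.append((no, host))
        for name, rx in INJECTION.items():
            if rx.search(line):
                injections.append((no, name))
    return {"logins": logins, "injections": injections,
            "flag": bool(logins and injections)}

# Constructed samples, not taken from the Schoolyard Bully apps.
SUSPICIOUS = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://m.facebook.com/login.php");
view.evaluateJavascript(script, null);
'''
BENIGN = 'view.loadUrl("https://m.facebook.com/login.php");'
LOOKALIKE = 'view.loadUrl("https://notfacebook.com/"); view.evaluateJavascript(s, null);'

if __name__ == "__main__":
    for label, src in [("suspicious", SUSPICIOUS), ("benign", BENIGN), ("lookalike", LOOKALIKE)]:
        print(label, triage(src))
```

A hit is a reason to read the class by hand, not a verdict. URLs assembled at runtime or logic moved into native libraries will not match these patterns.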


The Schoolyard Bully Trojan additional makes use of native libraries resembling “” in order to keep away from detection by antivirus options.

While the malware singles out Vietnamese language applications, it has also been discovered in several other apps available in over 70 countries, underscoring the scale of the attacks.


The findings come more than a year after Zimperium unearthed similar activity aimed at compromising Facebook accounts via rogue Android apps as part of a campaign codenamed FlyTrap.

“Attackers can cause a lot of havoc by stealing Facebook passwords,” Richard Melick, director of mobile threat intelligence at Zimperium, said. “If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information.”

“It’s also very concerning how many people reuse the same passwords. If an attacker steals someone’s Facebook password, there’s a high likelihood that same email and password will work with banking or financial apps, corporate accounts and so much more.”
