Android malware infected 300,000 devices to steal Facebook accounts
A malware campaign targeting the Android operating system, which poses as reading and educational apps, has been running since 2018 and, according to a security report, is trying to steal Facebook login data from infected devices.
According to a report by Zimperium, the campaign has infected at least 300,000 devices in 71 countries, with a focus on Vietnam.
Zimperium reported that some of the apps used to spread the Trojan called Schoolyard Bully were previously in the Google Play Store but have now been removed.
However, Zimperium warns that the apps are still spreading through third-party Android app stores.
The company said the malware was named Schoolyard Bully because it poses as a useful and harmless educational app, while the program's main goal is to steal Facebook account login details such as email, account ID, and username, along with the device name, device RAM, and device API.
According to the report, the Android malware steals these details by using a WebView to open a legitimate Facebook login page in the app and inserting malicious JavaScript code to extract user input.
In addition, the malware uses native libraries to hide malicious code from security software and scanning tools.
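The WebView and native-library behavior described above can be triaged statically in decompiled app source. The following is an added example, not code from Zimperium's report or from the original article; the indicator set, the function names `scan` and `triage`, and the watched-host list are assumptions, and the sample sources are constructed.

```python
import re

# Heuristic indicators over decompiled Java source. The API names are real
# Android calls; which of them this malware actually uses is an assumption.
INDICATORS = {
    "js_enabled": r'setJavaScriptEnabled\s*\(\s*true\s*\)',
    "script_injection": r'evaluateJavascript\s*\(|loadUrl\s*\(\s*"javascript:',
    "js_bridge": r'addJavascriptInterface\s*\(',
    "native_lib": r'System\.loadLibrary\s*\(',
}

def scan(source, watched_hosts=("facebook.com",)):
    """Return the set of indicator names found in one decompiled source file."""
    hits = {name for name, rx in INDICATORS.items() if re.search(rx, source)}
    # URL literals pointing at a login site the app does not own.
    for host in re.findall(r'"https?://([^/"]+)', source):
        if any(host == w or host.endswith("." + w) for w in watched_hosts):
            hits.add("third_party_login")
    return hits

def triage(source, watched_hosts=("facebook.com",)):
    """Classify a file as 'flag', 'review' or 'clean'."""
    hits = scan(source, watched_hosts)
    can_read_page = "js_enabled" in hits and bool(hits & {"script_injection", "js_bridge"})
    if "third_party_login" in hits and can_read_page:
        return "flag"    # app script runs inside a login page for a site it does not own
    if "native_lib" in hits and "js_enabled" in hits:
        return "review"  # URL or script may be built in native code, out of sight here
    return "clean"

# Constructed samples (not taken from any real app).
SAMPLE_OVERLAY = '''
WebView w = findViewById(R.id.web);
w.getSettings().setJavaScriptEnabled(true);
w.addJavascriptInterface(new Bridge(), "bridge");
w.loadUrl("https://m.facebook.com/");
w.evaluateJavascript(script, null);
'''
SAMPLE_NATIVE = '''
static { System.loadLibrary("core"); }
w.getSettings().setJavaScriptEnabled(true);
w.loadUrl(nativeUrl());
'''
SAMPLE_BENIGN = 'w.loadUrl("https://help.example.org/faq");'

if __name__ == "__main__":
    for name in ("SAMPLE_OVERLAY", "SAMPLE_NATIVE", "SAMPLE_BENIGN"):
        print(name, triage(globals()[name]))
```

The `review` outcome covers the case where strings are moved into a native library: a source-level scan sees only the library load and a script-enabled WebView, so the `.so` file needs separate inspection.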
Zimperium said it detected the malware, based on its telemetry data, on 300,000 victims in 71 countries. Because 37 apps connected to this campaign are distributed through third-party app stores, the number of victims may be higher, as there is no reliable way to measure the number of victims on these platforms.
Zimperium also warned that there may be more apps behind the campaign than the researchers found.
The threat actor behind Schoolyard Bully was unknown, but analysts found that the malware had nothing to do with Operation Flytrap, which attempted to hijack Facebook accounts and focused on Vietnam.