Cybersecurity researchers from Zimperium recently discovered 37 Android apps that were distributing infostealing malware dubbed ‘Schoolyard Bully’.
The apps were initially distributed through the Play Store, but once Google discovered and removed them, they continued their existence on third-party app repositories.
As such, they still pose a risk today. Combined, the apps were allegedly downloaded 300,000 times in 71 countries around the world. People living in Vietnam seem to be the malware’s number one target, though.
Facebook in the crosshairs
The malware can gather Facebook credentials, account IDs, usernames, device names, RAM data and API data.
So far, the researchers haven’t been able to ascertain the threat actor behind the campaign, but they do know that it has been ongoing for at least four years.
Facebook passwords are targeted frequently by threat actors for a number of reasons. They can use the platform to distribute more dangerous malware to a large audience, and push fake narratives by commenting and sharing news.
They can also use the access to launch business email compromise (BEC) attacks and other forms of identity theft.
And since people reuse passwords across different services, they can try and access other accounts belonging to their victims too.
Users are advised to keep unique passwords across different services, and use multi-factor authentication (MFA) wherever possible. What’s more, they’re advised not to download mobile apps from unverified sources and third-party repositories.
Via: BleepingComputer