In a new report published by the computer security company Zimperium there is talk of a new android malware campaign that using some fraudulent apps included in the “Reading and Education” category, they infect devices with malware that aims to steal Facebook credentials.
The campaign apparently would have been active since 2018 and would have started from Vietnam, but it would have infected over 300,000 users from 71 countries in four years. The trojan was called “Schoolyard Bully” and according to reports it is present in various applications on the Google Play Store and third-party stores.
Posing as educational apps, with a wide range of books available to users, they aim to steal personal information such as:
- Name on Facebook profile
- Facebook ID
- Facebook email/phone number
- Facebook password
- Device name
- Device APIs
- Device RAM
The data theft would take place through a Facebook login page (real, not fake) within the application, which injects malicious JavaScript code that allows attackers to detect user inputs. Worryingly, malware can also evade antivirus and machine learning systems.
In cases like these, the advice is always to stick to the apps published by verified developers and above all from the Play Store. Researchers also advise paying attention to the reviews.