Zimperium uncovers Android trojan masquerading as reading and education app

Share post:

Zimperium, a mobile security firm, is warning of an Android trojan masquerading as reading and education apps that may have stolen Facebook credentials from at least 300,000 users across 71 countries, primarily in Vietnam, since 2018.

Zimperium has named the malware Schoolyard Bully Trojan, and it has been delivered via innocent-looking Android applications hosted on Google Play and various third-party app stores. Despite the fact that Google has removed the malware from its official app store, the malicious applications can still be found on other websites.

It also uses JavaScript injections to display phishing pages designed to trick users into providing their Facebook username and password, which is its primary goal.

The trojan steals these details by using WebView to open a legitimate Facebook login page inside the app and injecting malicious JavaScript to extract the user inputs. The Schoolyard Bully trojan primarily targets Vietnamese language applications, but it has been discovered in 71 countries so far, demonstrating the campaign’s global reach. However, because applications are still being found in third-party app stores, the actual number of countries where Schoolyard Bully is active could be even higher and continue to grow.

The malware hides from the majority of antivirus and machine learning virus detections by using native libraries, and it stores command and control data in a native library called libabc.so. The data is further encoded in order to conceal all of the strings from detection mechanisms.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

New macOS Malware Exploits Apple’s Security Features to Stay Hidden and Steal User Data

A newly discovered variant of the Banshee macOS Stealer malware is putting 100 million Apple users at risk...

Microsoft MFA Outage Blocks Access to Microsoft 365 Apps, Raising Cloud Reliability Concerns

Microsoft faced another significant service disruption over the weekend, with a Multi-Factor Authentication (MFA) outage that blocked users...

Cyber Attack Hits Key Dutch University, Raising Concerns for Chip Giant ASML

Eindhoven University of Technology, a critical partner for semiconductor giant ASML Holding NV, has been hit by a...

Researcher Finds Critical Facebook Server Flaw, Warns Other Platforms May Be at Risk

Security researcher Ben Sadeghipour recently discovered a critical vulnerability in Meta’s Facebook ad platform that allowed him to...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways