Zimperium uncovers Android trojan masquerading as reading and education app

Share post:

Zimperium, a mobile security firm, is warning of an Android trojan masquerading as reading and education apps that may have stolen Facebook credentials from at least 300,000 users across 71 countries, primarily in Vietnam, since 2018.

Zimperium has named the malware Schoolyard Bully Trojan, and it has been delivered via innocent-looking Android applications hosted on Google Play and various third-party app stores. Despite the fact that Google has removed the malware from its official app store, the malicious applications can still be found on other websites.

It also uses JavaScript injections to display phishing pages designed to trick users into providing their Facebook username and password, which is its primary goal.

The trojan steals these details by using WebView to open a legitimate Facebook login page inside the app and injecting malicious JavaScript to extract the user inputs. The Schoolyard Bully trojan primarily targets Vietnamese language applications, but it has been discovered in 71 countries so far, demonstrating the campaign’s global reach. However, because applications are still being found in third-party app stores, the actual number of countries where Schoolyard Bully is active could be even higher and continue to grow.

The malware hides from the majority of antivirus and machine learning virus detections by using native libraries, and it stores command and control data in a native library called The data is further encoded in order to conceal all of the strings from detection mechanisms.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways