Facebook accounts are stolen with this trick. 300,000 Facebook users are the victims of an Android malware campaign that infects devices with a Trojan horse and steals their Facebook credentials.
As indicated by a report by network safety firm Zimperium, the mission has been dynamic beginning around 2018 and principally targets Vietnamese users.
They discovered the Trojan, which they dubbed “Schoolyard Bully,” in a variety of apps downloaded from the Google Play Store and other app stores.
These apps say they are educational, offering users access to a wide range of books and subjects. The apps, on the other hand, really want to steal information.
The Trojan opens a legitimate Facebook login page within the app and injects malicious JavaScript code to obtain user inputs. This allows the Trojan to steal these data:
- Name on Facebook profile
- Facebook ID
- Facebook email/phone number
- Facebook password
- Device name
- Device API
- Device RAM
Even machine learning virus detections and antivirus programs can’t stop the malware.
Zimperium claims that the threat campaign has affected at least 300,000 users in 71 nations. However, due to the fact that the applications are still available in third-party app stores, the exact number of countries could be underreported.
Zimperium noted the campaign’s significant impact:
Facebook reaches nearly 2.96 billion monthly users and continues to be the number one social media platform. As attackers leverage the Schoolyard Bully Trojan to gain unauthorized access to credentials, they have far more success accessing financial accounts. Nearly 64% of individuals use the same password that was exposed in a previous breach. With the percentage of users recycling passwords, it is no surprise the Schoolyard Bully Trojan has been active for years.
How to protect your credentials from this trojan
To safeguard your device from potentially malicious applications, always check an app’s reviews. Ensure too that your antivirus programming is refreshed. Finally, evaluate the apps’ requests for permissions with care. It could be malicious if an app asks for permission that has no bearing on how the program works.
Facebook accounts are stolen with this trick, make sure you take all the precaution highlighted in this article to protect your Facebook account.
Source: Zimperium