Over 300,000 Android users hit by Facebook login-stealing malware
Cybersecurity researchers at Zimperium recently discovered 37 Android apps distributing information-stealing malware dubbed ‘Schoolyard Bully’.
The apps were initially distributed through the Play Store, but once Google discovered and removed them, they persisted in third-party app repositories.
As such, they still pose a risk today. Combined, the apps are said to have been downloaded 300,000 times in 71 countries around the world. However, people living in Vietnam seem to be the main target of the malware.
Facebook in the crosshairs
‘Schoolyard Bully’ got its name because it masqueraded as educational apps. When victims try to run them on their endpoints, they get a legitimate pop-up to log into Facebook, but malicious JavaScript code runs in the background to extract everything the user enters.
It can collect Facebook credentials, account IDs, usernames, device names, RAM data, and API data.
So far, the researchers have been unable to pinpoint the threat actor behind the campaign, but they do know it has been going on for at least four years.
Facebook passwords are often targeted by cybercriminals for a number of reasons. They can use the platform to distribute more dangerous malware to a large audience and spread false stories by commenting and sharing news.
They can also use the access to conduct Business Email Compromise (BEC) attacks and other forms of identity theft.
And since people reuse passwords for different services, they can also try to access other accounts of their victims.
Users are advised to keep unique passwords for different services and use multi-factor authentication (MFA) where possible. In addition, they are advised not to download mobile apps from unauthenticated third-party sources and repositories.
Via: BleepingComputer