- One of the best mid-range sports watches I've tested is on sale for Black Friday
- This monster 240W charger has features I've never seen on other accessories (and get $60 off this Black Friday)
- This laptop power bank has served me well for years, and this Black Friday deal slashes the price in half
- This power bank is thinner than your iPhone and this Black Friday deal slashes 27% off the price
- New Levels, New Devils: The Multifaceted Extortion Tactics Keeping Ransomware Alive
Trojan Steals Facebook Details from Over 300K Victims
A newly discovered Trojan has stolen Facebook logins from over 300,000 users in a campaign lasting four years, according to Zimperium.
The security vendor claimed to have found the “Schoolyard Bully” malware hidden in several applications available on both Google Play and third-party app stores.
“Even though these apps have now been removed from Google Play Store, they are still available on third-party app stores waiting to shake down their next student victim,” the firm warned.
The malware is designed to steal the email, phone number, Facebook password, ID and name of its victims, and is hidden in benign-looking educational applications, Zimperium explained.
“This Trojan uses Javascript injection to steal the Facebook credentials,” it added. “The Trojan opens the legitimate URL inside a WebView with the malicious Javascript injected to extract the user’s phone number, email address and password, then sends it to the configured Firebase C&C.”
It uses native libraries to stay hidden from most AV and machine learning detection tools, and to store its C&C data.
Although focused on Vietnam, the long-running campaign has been infecting users in 71 countries since 2018, Zimperium added.
“The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores,” the security vendor said.
Malicious applications continue to flourish in the Android ecosystem, despite Google’s best efforts to police the Play store. Just last month, researchers discovered a new banking Trojan dubbed “Vultur” which garnered 100,000 downloads on Google Play.
Editorial credit header image: Daniel Chetroni / Shutterstock.com