More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.
Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.
The apps, which were available for download from the official Google Play Store, have now been taken down. That said, they still continue to be available on third-party app stores.
“This trojan uses JavaScript injection to steal the Facebook credentials,” Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a report shared with The Hacker News.
It achieves this by launching Facebook’s login page in a WebView, which also embeds within it malicious JavasCript code to exfiltrate the user’s phone number, email address, and password to a configured command-and-control (C2) server.
