Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

More than 300,000 users across 71 countries have been victimized by a new Android threat campaign called the Schoolyard Bully Trojan.

Mainly designed to steal Facebook credentials, the malware is camouflaged as legitimate education-themed applications to lure unsuspecting users into downloading them.

The apps, which were available for download from the official Google Play Store, have now been taken down. That said, they still continue to be available on third-party app stores.

“This trojan uses JavaScript injection to steal the Facebook credentials,” Zimperium researchers Nipun Gupta and Aazim Bill SE Yaswant said in a Bericht shared with The Hacker News.

It achieves this by launching Facebook’s login page in a WebView, which also embeds within it malicious JavasCript code to exfiltrate the user’s phone number, email address, and password to a configured command-and-control (C2) server.

The Schoolyard Bully Trojan further makes use of native libraries such as “libabc.so” so as to avoid detection by antivirus solutions.

While the malware singles out Vietnamese language applications, it has also been discovered in several other apps available in over 70 countries, underscoring the scale of the attacks.

The findings come more than a year after Zimperium unearthed similar activity aimed at compromising Facebook accounts through rogue Android apps as part of a campaign codenamed FlyTrap.

“Attackers can cause a lot of havoc by stealing Facebook passwords,” Richard Melick, director of mobile threat intelligence at Zimperium, said. “If they can impersonate someone from their legitimate Facebook account, it becomes extremely easy to phish friends and other contacts into sending money or sensitive information.”

“It’s also very concerning how many people reuse the same passwords. If an attacker steals someone’s Facebook password, there’s a high probability that same email and password will work with banking or financial apps, corporate accounts and so much more.”

https://thehackernews.com/2022/12/schoolyard-bully-trojan-apps-stole.html

Kommentar verfassen Kommentieren abbrechen

London, GB

10:54 am, Juli 13, 2025

23°C

L: 20° | H: 24°

Fühlt sich an wie 23°C° klarer Himmel

Luftfeuchtigkeit: 61 %

Druck: 1013 mb

Wind: 4 mph NE

Windböe: 4 mph

UV-Index: 0

Niederschlag: 0 mm

Wolken: 3%

Regen Chance: 0%

Sichtbarkeit: 10 km

Sonnenaufgang: 4:58 am

Sonnenuntergang: 9:13 pm

TäglichStündlich

Tägliche VorhersageStündliche Vorhersage

Today 10:00 pm

20° | 24°°C 0 mm 0% 6 mph 56 % 1013 mb 0 mm/h

Tomorrow 10:00 pm

19° | 27°°C 0 mm 0% 15 mph 71 % 1015 mb 0 mm/h

Di. Juli 15 10:00 pm

15° | 22°°C 1 mm 100% 17 mph 85 % 1016 mb 0 mm/h

Mi. Juli 16 10:00 pm

14° | 27°°C 0.11 mm 11% 11 mph 85 % 1017 mb 0 mm/h

Do. Juli 17 10:00 pm

18° | 27°°C 1 mm 100% 13 mph 95 % 1015 mb 0 mm/h

Today 1:00 pm

24° | 27°°C 0 mm 0% 3 mph 56 % 1013 mb 0 mm/h

Today 4:00 pm

28° | 30°°C 0 mm 0% 0 mph 39 % 1011 mb 0 mm/h

Today 7:00 pm

27° | 27°°C 0 mm 0% 6 mph 31 % 1008 mb 0 mm/h

Today 10:00 pm

23° | 23°°C 0 mm 0% 6 mph 40 % 1010 mb 0 mm/h

Tomorrow 1:00 am

19° | 19°°C 0 mm 0% 5 mph 40 % 1011 mb 0 mm/h

Tomorrow 4:00 am

20° | 20°°C 0 mm 0% 5 mph 52 % 1010 mb 0 mm/h

Tomorrow 7:00 am

19° | 19°°C 0 mm 0% 9 mph 71 % 1011 mb 0 mm/h

Tomorrow 10:00 am

23° | 23°°C 0 mm 0% 12 mph 54 % 1012 mb 0 mm/h

Name	Preis	24H (%)
Bitcoin(BTC)	€100,789.02	-0.23%
Ethereum(ETH)	€2,522.88	-0.89%
XRP(XRP)	€2.38	-1.30%
Fesseln(USDT)	€0.86	0.00%
Solana(SOL)	€138.56	-0.44%
USDC(USDC)	€0.86	0.00%
Dogecoin(DOGE)	€0.168715	-2.40%
Shiba Inu(SHIB)	€0.000011	-2.45%
Pepe(PEPE)	€0.000010	-2.43%
Peanut das Eichhörnchen(PNUT)	€0.246209	7.19%

Schoolyard Bully Trojan Apps Stole Facebook Credentials from Over 300,000 Android Users

Teilen:

Kommentar verfassen Kommentieren abbrechen

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns