Schoolyard Trojan apps stole over 300,000 Android user’s Facebook credentials.

A new Android threat campaign called the Schoolyard Bully Trojan has been affecting more than 300,000 users across 71 countries.

According to a report, 2018 the campaign has been active since 2018, mainly targeting Vietnamese readers and victims across 71 other countries. Various applications have been taken down from Google Play Store but are still being found in Third-party app stores. However, they are still available on other websites.

The malware disguises itself as a legitimate educational application to fool unsuspecting users into downloading. 

What Trojan Schoolyard Bully can do

The report states, “The Trojan uses Javascript injection to steal Facebook credentials.” Launching Facebook’s login page in a WebView embeds malicious JavaScript code that exfiltrates the user’s phone number, email address, and password to a configured command-and-control (C2) server.

Furthermore, Schoolyard Bully also uses native libraries like “libabc. so” to avoid detection by anti-virus programs. Despite targeting Vietnamese-language applications, the malware has also been found in more than 70 other apps, underscoring the scale of the attack.

A similar campaign codenamed FlyTrap was discovered more than a year ago, aimed at compromising Facebook accounts by using rogue Android apps. Mobile threat intelligence Director Richard Melick said, “Attackers can cause a lot of damage sneaking Facebook passwords.”

Impersonating someone from their legitimate Facebook account allows them to easily phish friends into sending money or sensitive information.

Nearly 64% of individuals use the same passwords. Therefore, due to the high rate of password recycling, the Schoolyard Bully Trojan has been around for quite some time. If an attacker steals someone’s Facebook password, there’s a high probability that the same email and password will work with banking and financial apps, corporate accounts, and so much more.

Schoolyard Bully has been available through Google Play and other third-party app stores since 2018. However, Google has pulled out malicious applications from the play store, but they are still available on other websites.

The malware is disguised under educational applications. Using JavaScript injections, Schoolyard Bully displays phishing pages that trick Facebook users into handing over their credentials. Besides this, the malware also supports the cyber attackers in collecting information like Facebook profile name, ID, and device details.

Secure your system from Schoolyard Trojan with ESOF AppSec

Secure your system or entire IT Stack from Schoolyard malware with ESOF AppSec. AppSec provides you with extensive testing of the applications in various surroundings. Also, it will help you discover Zero-day vulnerabilities in your IT infrastructure web and app assets.

Other than this,TAC Security’s product ESOF AppSec helps in the following:

• Provide Scheduled scanning of your complete mobile app source code while detecting security and privacy issues. 
• Detects most critical vulnerabilities and vulnerable assets.
• It gives you a Cyber Risk Score, helping you save time from reading lengthy and bulky reports. With the help of a risk score, you can enhance the security posture of the complete network.
• Our ESOF Scanners Black Box and Blue Box tests are executed. It eliminates false positives and gives exact results.
• It discovers OWASP’s Top 10 Vulnerabilities and SANS’ Top 25 vulnerabilities.
• In-depth Schedules scanning of your web and mobile apps
• Allows your app to undergo penetration testing throughout the complete DevSecOps cycle to eliminate the faults.

Security is a Shared Responsibility

Download ESOF AppSec Datasheet for more details