Malware steals Facebook account details from 300,000 devices

New malware is on the prowl and is seen spreading malicious software in disguise of applications meant for teaching, reading, and other education-related activities. In particular, the apps targeted users from Vietnam and infected about 300,000 devices in over 71 countries just to steal Facebook(FB) credentials.

ZIMPERIUM is the firm that conducted the study and discovered the infection in the wild in 2018. The company named the malevolent software “Schoolyard Bully” and Google removed it from its play-store in early 2019.

Surprisingly and as expected, the malware is circulating on Android devices and spreading through 3rd party app stores available on the web.

As of now, Schoolyard Bully is caught infecting Vietnam’s smart device populace, and the reason is unknown. But is discovered stealing FB credentials such as email and passwords, device names, device RAM, Device API, usernames, and account IDs from connected devices operating in over 71 countries.

In other news related to the malware and stealing info from android OS loaded devices, some hackers are found using platform certificates often used by OEM vendors to digitally sign core systems apps.

And if threat actors gain permission for such access, then their developed applications can gain system-level access, allowing them to install or delete packages, manage ongoing calls and messaging, gather data about the device and send it to remote servers.

Lukasz Siekierski, a Reverse Engineer at Google, confirmed the news and added that cyber crooks were seen compromising Samsung, LG, and MediaTek certificates that allow signing Android malware.

Google took measures to keep the OEMs informed about the certification abuse and is urging them to rotate their platform certificates, check for any leaks, and keep a tab of apps that have legible access to their core system platforms.


The post Malware steals Facebook account details from 300,000 devices appeared first on Cybersecurity Insiders.


See Our Latest

Blog Posts

admin June 19th, 2024

Snowflake’s mission is to mobilize the entire world’s data, and there are millions of data scientists and developers who don’t […]

admin June 19th, 2024

The journey toward achieving a robust data platform that secures all your data in one place can seem like a […]

admin June 19th, 2024

It is estimated that between 80% and 90% of the world’s data is unstructured1, with text files and documents making […]