https://www.zimperium.com/blog/schoolyard-bully-trojan-facebook-credential-stealer/
Zimperium zLabs has discovered a new Android threat campaign, the Schoolyard Bully Trojan, which has been active since 2018. The campaign has spread to over 300,000 victims and is specifically targeting Facebook credentials. The Schoolyard Bully Trojans have been found in numerous applications that were downloaded from the Google Play Store and third-party app stores…
The Schoolyard Bully Trojan can steal the following information from the Facebook account of their unsuspecting victims:
Email / Phone Number
Password
ID
NameThe Schoolyard Bully Trojan is stealthy and disguises itself as educational applications, primarily targeting Vietnamese readers..
This trojan uses Javascript injection to steal the Facebook credentials. The Trojan opens the legitimate URL inside a WebView with the malicious javascript injected to extract the user’s phone number, email address and password, then sends it to the configured Firebase C&C…
