Thursday September 19, 2024

Advisory ID: NCC-CSIRT-0812-062

Summary: Researchers from the mobile security firm Zimperium have found several apps that carry malware known as "Schoolyard Bully" while disguising themselves as reading and educational apps offering a variety of books and topics for their victims to study. The malicious apps were available on Google Play but have since been taken down. However, they still spread via third-party Android app stores. The malware has infected over 300,000 Android devices, and its primary objective is to steal Facebook account information, including the email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).

Vulnerable Platform(s):  

Facebook Social Media Platform

Threat Type:  

  • Malware

Product: Facebook Apps for Android

Version: All versions

Description: The research states that the malware uses JavaScript injection to steal Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView renders website elements inside an app and enables user interaction through Android View objects and their extensions), with malicious JavaScript injected to obtain the user's contact information (phone number, email address, and password), and then sends it to the command-and-control server. Furthermore, the malware uses native libraries to evade detection and analysis by security software and machine learning technologies.
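
For analysts triaging a suspect APK, the behaviour described above can be searched for in decompiled source. The following is an added example, not part of this advisory or of Zimperium's research: the indicator set, verdict thresholds, file names and sample source are assumptions constructed for illustration.

```python
import re

# Indicators are real Android API calls as they appear in decompiled Java.
# Which ones to pair, and the verdict thresholds, are assumptions of this example.
INDICATORS = {
    "js_enabled": re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injection": re.compile(r'\.evaluateJavascript\(|\.loadUrl\(\s*"javascript:'),
    "js_bridge": re.compile(r"\.addJavascriptInterface\("),
    "facebook_url": re.compile(r"https?://([\w-]+\.)*facebook\.com\b", re.I),
    "native_lib": re.compile(r"System\.loadLibrary\("),
}

def scan_source(text):
    """Return the sorted indicator names found in one decompiled source file."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage(files):
    """Score an app given {path: source}; returns (verdict, {indicator: [paths]})."""
    hits = {}
    for path, text in files.items():
        for name in scan_source(text):
            hits.setdefault(name, []).append(path)
    # Script injected into a WebView that shows a Facebook page is the core signal.
    if {"js_enabled", "js_injection", "facebook_url"} <= hits.keys():
        # A JS-to-Java bridge or native code raises priority for manual review.
        verdict = "high" if {"js_bridge", "native_lib"} & hits.keys() else "medium"
    elif "js_injection" in hits:
        verdict = "low"
    else:
        verdict = "none"
    return verdict, hits

# Constructed sample input (not taken from any real app).
SUSPECT_APP = {
    "LoginActivity.java": '''
        WebView w = findViewById(R.id.web);
        w.getSettings().setJavaScriptEnabled(true);
        w.addJavascriptInterface(new Bridge(), "bridge");
        w.loadUrl("https://m.facebook.com/login");
        w.evaluateJavascript(script, null);
    ''',
    "Native.java": 'static { System.loadLibrary("placeholder"); }',
}
BENIGN_APP = {
    "HelpActivity.java": 'WebView w = findViewById(R.id.web); w.loadUrl("https://example.org/help");',
}

if __name__ == "__main__":
    for name, app in (("suspect", SUSPECT_APP), ("benign", BENIGN_APP)):
        print(name, *triage(app))
```

A "high" or "medium" verdict is a prompt for manual review, not proof of malice, since string matching cannot see code hidden in the native libraries the advisory mentions.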

Consequences:

Steals Facebook account credentials

Impact/Probability: HIGH/HIGH

Solution:
  • You should always download applications from official sites and application stores.
  • When installing apps downloaded from the Google Play Store, you should double-check each application and uncheck any boxes that request extra third-party downloads.
  • Use an anti-malware application to routinely scan your device for malware.