An Android malware campaign disguised as reading and education apps has been attempting to steal Facebook accounts since 2018.

A report from Zimperium suggests that the campaign has already infected around 300,000 devices across 71 markets with a primary focus on Vietnam.

The said apps spreading the trojan were called “Schoolyard Bully”. They used to be present in Google Play but have already been removed. Although, Zimperium warned that the apps are still present on third-party Android app stores.

Its main goal is to steal Facebook login credentials such as the email and password, username, and account ID, as well as the device name, RAM, and API.


The malware operates by opening a legitimate Facebook login page within the app using WebView. Then, it includes JavaScript that can extract whatever the user is typing in. The malware also utilizes native libraries to hide its malicious code from analysis tools and security software.

According to Zimperium, they detected the malware on 300,000 devices in 71 countries. The campaign consists of 37 apps that are distributed through third-party app stores. Since they are spread through these platforms, there could be more victims affected than initially thought since there’s no reliable way to measure the total number of downloads.

SEE ALSO: How to find hidden apps on your Android device

To keep you safe from these types of malware, it’s best to only get your apps straight from the Google Play Store and make sure your apps are updated or still available on the official store as the apps already in your phone will not be removed from the Play Store automatically.

Via: Bleeping Computer

This article, Malware on 300,000 Android devices can steal Facebook accounts, was originally published at NoypiGeeks | Philippines Technology News, Reviews and How to’s.