Android threat campaign "Schoolyard Bully Trojan" discovered by Zimperium, a leading mobile security company. threat actor using educational android application to target Facebook credentials of user. according to researcher this campaign is active since 2018 and infected over 300000 victims. application looks like real application which offer wide range of books and note and other stuff which helps students and capable to steal the Facebook credentials and uploaded to Firebase command and control center. to minimize the detection from antivirus and real time protection "Schoolyard Bully Trojan" use native libraries .
all the application which discovered by researcher is removed from play store but still they are available by third party stores. the infection process start under the chat option and used java-script injection to harvest the Facebook credentials including user's phone number, email address, and password and send it to Firebase C&C server.
No comments:
Post a Comment