This Android trojan has stolen over 300,000 Facebook accounts — how to stay safe

Facebook app on phone
(Image credit: Shutterstock)

Over 300,000 Android users have fallen victim to a newly discovered campaign that uses malicious apps to infect their devices with a trojan capable of hacking Facebook accounts.

According to a new report from Zimperium, the Schoolyard Bully Trojan has been active since 2018, though more recently cybercriminals are using seemingly innocent educational apps on the Google Play Store and third-party app stores to distribute it.

Facebook has over 2.96 billion monthly users, which is why attackers continue to target the platform, and this trojan is capable of stealing emails, phone numbers, passwords, IDs and full names from it. And since password reuse is still a major problem, stolen Facebook passwords can often be used to access users’ financial accounts.

Using malicious apps to target victims

Students in kitchen

(Image credit: Shutterstock)

In this latest campaign educational apps are being used to distribute the Schoolyard Bully Trojan, primarily to those in Vietnam, but users from 70 other countries have also been targeted.

These malicious apps – which have since been removed from the Play Store – contain a chat option, though users need to log into their Facebook account before they can use it. 

When a user tries to log in, Schoolyard Bully uses JavaScript injection to steal their Facebook credentials, which are then sent to a command and control (C&C) server operated by the attackers. The trojan is also able to evade antivirus software by using native libraries to store the C&C data. 

According to Zimperium, Android users in countries around the world including the U.S., Canada, Australia, Brazil, the UK, India and others have been targeted by Schoolyard Bully. However, the actual number of countries could be higher since these malicious apps can still be found in third-party app stores. 

How to stay safe from Android trojans and malware

In order to avoid having your Facebook and other credentials stolen by hackers, the first thing you should do is avoid installing apps from unofficial app stores and unknown sources. Sideloading apps is one of the many perks of being an Android user, but it can also be dangerous if you’re not careful.

You also want to ensure that Google Play Protect is enabled on your Android smartphone, as this built-in app can scan any new app you download as well as the other apps you have installed for malware. For additional protection, you might also want to consider using one of the best Android antivirus apps alongside it.

Finally, you need to think carefully before installing any new app on your devices. Sure, Google scans them for malware and viruses before they are uploaded to the Play Store, but bad apps occasionally manage to slip through the cracks. This is why you should read external reviews and look into an app’s developer before tapping the install button.

The Schoolyard Bully Trojan has been active for over four years now, during which time it successfully stole credentials from over 300,000 users. As such, this trojan will likely continue to be used by cybercriminals to steal passwords and accounts from unsuspecting users.

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A picture of a skull and bones on a smartphone depicting malware
Hundreds of malicious Android apps with 60 million downloads found spamming Android users with ads and stealing credentials
A smartphone screen displaying the Android name and logo next to a sign reading 'MALWARE'.
Fake Google Play Store pages are spreading Trojan malware that can steal your financial data
Green skull on smartphone screen.
This Android banking trojan steals passwords to take over your accounts — and all it takes is a single text message
Green skull on smartphone screen.
Hackers are using the Amazon Appstore to spread malware — delete this malicious app now
Green skull on smartphone screen.
Over 1 million Android devices infected with password-stealing, pre-installed botnet malware — how to stay safe
An Android bot next to an Android TV remote
Millions of Android TVs hijacked in massive botnet — how to see if yours is at risk
Latest in Online Security
A picture of a skull and bones on a smartphone depicting malware
Hundreds of malicious Android apps with 60 million downloads found spamming Android users with ads and stealing credentials
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
iPhone 15 Pro Max shown in hand
5 iPhone settings you should always shut off — because they’re a security nightmare
A woman using her laptop securely with a cup of coffee in hand
5 common mistakes people make when shopping for antivirus software
Latest in News
NYTimes Connections
NYT Connections today hints and answers — Wednesday, March 19 (#647)
Chromecast with Google TV connected to display
Google finally pushes out full Chromecast fix for users who factory reset — here’s what to do
A picture of a skull and bones on a smartphone depicting malware
Hundreds of malicious Android apps with 60 million downloads found spamming Android users with ads and stealing credentials
Switch 2 console and logo
Nintendo Switch 2 rumor just tipped possible release date — and it's much sooner than we thought
Hacker typing on laptop in darkened room
Hackers create "BRUTED" tool to attack VPNs – how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs