A MALWARE that steals Facebook account credentials, known as ‘Schoolyard Bully’, has infected over 300,000 android devices.
This has prompted the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) to issue an advisory, reminding users to only download applications from official sites and application stores.
The advisory recommended that users double-check each application; uncheck boxes that request extra third-party downloads when installing apps downloaded from Google Play Store; and use anti-malware applications to routinely scan their devices.
NCC, yesterday, said researchers from mobile security firm, Zimperium, found several apps that transmit the Schoolyard Bully malware, while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.
According to the commission, the primary objective of the malware, which affects all versions of Facebook apps for android, is to steal account information, including email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).
According to NCC-CSIRT, “the (Zimperium) research stated that the malware employs JavaScript injection to steal Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView map website element that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), and then sends them to the command-and-control server.
“The malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”
The CSIRT is the telecom sector’s cyber security incidence centre, set up by NCC to focus on incidents in the sector as they may affect consumers.
