New Facebook Malware Detected

0

 CEM REPORT, ICT | Android users are warned to be aware of a new Malware that steals Facebook account credentials

The malware called “Schoolyard Bully” has reportedly infected over 300,000 Android devices globally.

According to the Nigeria Communications Commission – Computer Security Incident Response Team (NCC-CSIRT), latest advisory, researchers from mobile security firm, Zimperium, found several apps that transmit the “Schoolyard Bully” malware while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.

The commission noted that the primary objective of the malware, which affects all versions of Facebook Apps for Android, is to steal Facebook account information, including the email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).

“The (Zimperium) research stated that the malware employs JavaScript injection to steal the Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView maps website elements that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), then send it to the command-and-control server.

“Furthermore, the malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”

The NCC-CSIRT advisory in this regard further recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store and to use anti-malware applications to routinely scan their devices for malware.

Additionally, the advisory stated that although the malicious apps available on Google Play has since been taken down. However, they still spread via third-party Android app shops.

The commission advised Nigerian mobile users to only download applications from official sites and application stores.

CEM earlier reported that the NCC’s Computer Security Incident Response Team (NCC-CSIRT) warned Nigerians about other possible cyber attacks. Most recently, it warned about the potential harm of participating in the Invisible Challenge on TikTok.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments