New malware is on the prowl, spreading in the guise of applications meant for teaching, reading, and other education-related activities. In particular, the apps targeted users from Vietnam and infected about 300,000 devices in over 71 countries to steal Facebook (FB) credentials.
Zimperium is the firm that conducted the study and discovered the infection in the wild in 2018. The company named the malicious software “Schoolyard Bully”, and Google removed it from its Play Store in early 2019.
The malware is circulating on Android devices and spreading through third-party app stores available on the web.
As of now, Schoolyard Bully has been caught infecting Vietnam’s smart device users, and the reason is unknown. It has, however, been found stealing FB credentials such as email and passwords, device names, device RAM, device API, usernames, and account IDs from connected devices operating in over 71 countries.
In other news related to malware stealing information from devices running Android, some hackers have been found using platform certificates, which OEM vendors use to digitally sign core system apps.
If threat actors gain such access, the applications they develop can gain system-level access, allowing them to install or delete packages, manage ongoing calls and messaging, and gather data about the device and send it to remote servers.
Łukasz Siewierski, a Reverse Engineer at Google, confirmed the news and added that cyber crooks were seen compromising Samsung, LG, and MediaTek certificates that allow signing Android malware.
Google took measures to keep the OEMs informed about the certificate abuse and is urging them to rotate their platform certificates, check for any leaks, and keep tabs on apps that have legitimate access to their core system platforms.
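One way to keep such a tab, shown as an added example that is not from the article or from Google: the script reads the text printed by `apksigner verify --print-certs` for each installed package and flags any package signed with a platform certificate that is missing from the vendor's inventory of expected system apps. The package names and certificate digests are constructed placeholders.

```python
import re

# Digest line as printed by `apksigner verify --print-certs`.
DIGEST_RE = re.compile(
    r"^Signer #\d+ certificate SHA-256 digest:\s*([0-9a-fA-F]{64})\s*$", re.M)

def signer_digests(apksigner_output):
    """Return the lower-cased SHA-256 signer certificate digests found."""
    return [d.lower() for d in DIGEST_RE.findall(apksigner_output)]

def audit(reports, platform_digests, expected_packages):
    """Flag packages signed with a platform certificate that are not in the
    inventory of expected system apps.

    reports: {package name: text output of apksigner --print-certs}
    Returns a sorted list of (package, matching digest).
    """
    findings = []
    for package, output in sorted(reports.items()):
        hits = [d for d in signer_digests(output) if d in platform_digests]
        if hits and package not in expected_packages:
            findings.append((package, hits[0]))
    return findings

# Constructed sample data: placeholder digests, hypothetical package names.
PLATFORM = "aa" * 32      # stands in for the OEM platform certificate
THIRD_PARTY = "bb" * 32   # stands in for an ordinary developer certificate

def report(digest, dn):
    return (f"Signer #1 certificate DN: {dn}\n"
            f"Signer #1 certificate SHA-256 digest: {digest}\n")

SAMPLE_REPORTS = {
    "com.example.settings": report(PLATFORM, "CN=Example OEM"),
    "com.example.flashlight": report(PLATFORM.upper(), "CN=Example OEM"),
    "com.example.notes": report(THIRD_PARTY, "CN=Some Developer"),
}
EXPECTED_SYSTEM_APPS = {"com.example.settings"}

def run_sample():
    return audit(SAMPLE_REPORTS, {PLATFORM}, EXPECTED_SYSTEM_APPS)

if __name__ == "__main__":
    for package, digest in run_sample():
        print(f"UNEXPECTED platform-signed app: {package} ({digest[:16]}...)")
```

After a certificate rotation, the retired certificate's digest stays in the set passed as `platform_digests` so that anything still signed with it continues to surface.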