Zimperium uncovers Android trojan masquerading as reading and education app

Zimperium, a mobile security firm, is warning of an Android trojan masquerading as reading and education apps that may have stolen Facebook credentials from at least 300,000 users across 71 countries, primarily in Vietnam, since 2018.

Zimperium has named the malware Schoolyard Bully Trojan, and it has been delivered via innocent-looking Android applications hosted on Google Play and various third-party app stores. Despite the fact that Google has removed the malware from its official app store, the malicious applications can still be found on other websites.

It also uses JavaScript injections to display phishing pages designed to trick users into providing their Facebook username and password, which is its primary goal.

The trojan steals these details by using WebView to open a legitimate Facebook login page inside the app and injecting malicious JavaScript to extract the user inputs. The Schoolyard Bully trojan primarily targets Vietnamese language applications, but it has been discovered in 71 countries so far, demonstrating the campaign’s global reach. However, because applications are still being found in third-party app stores, the actual number of countries where Schoolyard Bully is active could be even higher and continue to grow.

The malware hides from the majority of antivirus and machine learning virus detections by using native libraries, and it stores command and control data in a native library called The data is further encoded in order to conceal all of the strings from detection mechanisms.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web