Android Malicious App Steals Over 300,000 Facebook Accounts

Buzz

Ngày cập nhật gần nhất: 15/4/2026

An attack campaign utilizing a malicious Android app aims to pilfer login information from Facebook accounts across 71 countries, particularly targeting users in Vietnam.

Specifically, according to a recent report from Zimperium, these malicious Android apps are crafted as reading and educational apps that have been 'infecting' over 300,000 devices since 2018.

Some apps were used to distribute a trojan named Schoolyard Bully on Google Play in the past, but they have now been taken down. However, the security company also warns that malicious apps may continue to spread through third-party Android app stores.

The reason the trojan is named Schoolyard Bully is to disguise as 'legitimate' educational apps, making it appealing to users. The primary goal of this malicious app is to steal Facebook account login information (email and password), account ID, username, device RAM, and API. Therefore, users should set up security settings and log in to Facebook to protect their accounts from unauthorized intrusion.

The trojan acquires the above information by opening a legitimate Facebook login page within the app using WebView and 'injecting' JavaScript code to extract user input data.

According to Zimperium, JavaScript is introduced into WebView through the 'evaluateJavascript' method. The JavaScript code extracts values of components with 'ids m_login_email' and 'm_login_password', which store the user's phone number, email address, and login password.

The Schoolyard Bully trojan has now infected over 300,000 devices in 71 countries, based on Zimperium's remote data. Additionally, 37 apps associated with this campaign are distributed through third-party app stores. Therefore, the number of victims in this campaign is likely higher than the reported figure.

Users are also cautioned that there may be other malicious Android apps beyond the detected ones, so understanding how to safeguard their Facebook accounts is crucial. Additionally, those responsible for this attack remain unknown.

However, security researchers have been able to determine that this campaign is unrelated to the activities of Flytrap, an organization also engaged in Facebook account theft and focused on Vietnam. Readers can follow the latest updates on this incident on Mytour in upcoming articles.

Frequently Asked Questions

What are the main targets of the malicious Android app campaign?

The main targets of the malicious Android app campaign are Facebook account users, particularly focusing on individuals in Vietnam. The attack aims to steal sensitive login information from these accounts.

How does the Schoolyard Bully trojan steal user information?

The Schoolyard Bully trojan steals user information by opening a legitimate Facebook login page within the app using WebView and injecting JavaScript code to extract login credentials, including email and password, from unsuspecting users.

Are there measures users can take to protect their Facebook accounts?

Yes, users can protect their Facebook accounts by setting up strong security settings, avoiding suspicious apps, and ensuring they only log in through the official Facebook app or website to prevent unauthorized access.

What should users know about the distribution of these malicious apps?

Users should know that the malicious apps are primarily distributed through third-party app stores, even after some were removed from Google Play. This distribution method increases the risk of encountering these harmful applications.

Mytour's content is for customer care and travel encouragement only, and we are not responsible.

For errors or inappropriate content, please contact us at: [email protected]