The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory about malware known as “Schoolyard Bully” which has infected over 300,000 Android devices.
The advisory warns users to only download applications from official sites and application stores, and to use anti-malware applications to scan devices for malware.
Researchers from mobile security firm Zimperium discovered several apps that transmitted the malware while disguised as reading and educational apps. The apps were available on Google Play, but have now been removed. However, the malware continues to spread via third-party Android app stores.
The primary aim of the malware is to steal Facebook account information, including email and password, account ID, username, device name, device RAM, and device API. It employs JavaScript injection to steal login information and sends it to a command-and-control server.
The malware also uses native libraries to evade detection and analysis by security software and machine learning technologies. The NCC-CSIRT works collaboratively with the Nigerian Computer Emergency Response Team (ngCERT) to reduce the volume of future computer risk incidents.
