Schoolyard Bully Malware attack on over 300,000 Android devices: NCC-CSIRT tells users to download only apps from official sites, stores

Thu, Dec 15, 2022
By editor
2 MIN READ

Politics

A malware that steals Facebook account credentials, known as “Schoolyard Bully”, has infected over 300,000 android devices, prompting the Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) to issue an advisory reminding user to only download applications from official sites and application stores.

The NCC-CSIRT advisory in this regard further recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store and to use anti-malware applications to routinely scan their devices for malware.

Researchers from mobile security firm, Zimperium, found several apps that transmit the “Schoolyard Bully” malware while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.

The malicious apps were available on Google Play, yet they have already been taken down. However, they still spread via third-party Android app shops.

The primary objective of the malware, which affects all versions of Facebook Apps for Android, is to steal Facebook account information, including the email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).  

According to NCC-CSIRT, “The (Zimperium) research stated that the malware employs JavaScript injection to steal the Facebook login information. The malware loads a legitimate URL (web address) inside a WebView (a WebView maps website elements that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, email address, and password), then send it to the command-and-control server. 

Furthermore, malware uses native libraries to evade detection and analysis by security software and machine learning technologies.” 

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

A.

Tags: NCC-CSIRT


Related Posts

Gov. Mbah presents 2025 budget of N971.8bn to House of Assembly

GOV. Peter Mbah of Enugu State has presented 2025 budget of N971.84 billion to the state House of Assembly for...

Read More
Sanwo-Olu lays foundation stone for new Alaba-Rago Transnational Market

GOV. Babajide Sanwo-olu of Lagos State on Tuesday  laid the foundation stone for an ultra-modern Alaba-Rago Transnational Market in Iba...

Read More
Zulum swears in 2 new commissioners

GOV. Babagana Zulum of Borno on Tuesday presided over the swearing-in of two new commissioners to replace those who died...

Read More

Most Read

BusinessCost of training in aviation to rise – AYEP FounderBy editor2 MIN READ
BusinessNDIS7: Nigeria’s N5bn Creative Industry, a goldmine for Diaspora InvestmentBy editor2 MIN READ
BusinessNGO empowers underrepresented communities in domain industryBy editor2 MIN READ
Africa500 barracks women to benefit from DEPOWA free cancer screening – PresidentBy editor2 MIN READ
FeaturedGambari warns of consequences of new Cold WarBy editor2 MIN READ

Subscribe to Our Newsletter

Keep abreast of news and other developments from our website.

Latest Stories

Gov. Mbah presents 2025 budget of N971.8bn to House of Assembly

HPV Vaccine: 380,671 girls vaccinated, 95,993 unvaccinated in Anambra – CHAI

Sanwo-Olu lays foundation stone for new Alaba-Rago Transnational Market