NCC issues alert as malware infects over 300,000 Android devices, steals Facebook details

This was disclosed by the Nigeria Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT), adding that the malware has succeeded in stealing the personal details of over 300,000 Android devices globally.

The activities of the malware was reported by the mobile security firm, Zimperium earlier this month and at the onset, had been noticed to target mainly victims in Vietnam, but the security company has confirmed victims of this malware are spread across 71 countries.

“The actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores” the security firm said.

The malware, Schoolyard Bully which has been active since 2018 has been shared via innocent-looking Android applications hosted on Google Play and various third-party app stores. 

Although the malicious malware has been removed from Google’s official app store, Zimperium has confirmed the malware is still available on other websites.

On the malware’s mode of operation, Zimperium further mentioned that the malware mostly hides inside what appears to be educational applications.

According to The Security Week, the malware, Schoolyard Bully attaches to JavaScript injections where it displays phishing pages designed to confuse and trick users into releasing information about their Facebook username and password.

In this way, cybercriminals and hackers gain information such as Facebook profile name, Facebook ID, and other device details.

The NCC-CSIRT In its latest alert advised Nigerian android users to only patronize official sites and known application stores if they want to download applications.

The NCC-CSIRT further recommended that before downloading or installing any application, users should endeavor to double-check each application and uncheck boxes that request extra third-party downloads.