The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has warned against a malware attack that steals Facebook account credentials also known as “Schoolyard Bully”.
NCC-CSIRT said it had infected over 300,000 android devices, which prompted an advisory reminding user to only download applications from official sites and application stores.
ALSO READ: NCC raises alarm on SMS-based malware used by cyber-criminals
The Director of Public Affairs, NCC, Dr. Reuben Muoka, made this known in a statement on Wednesday, December 14, 2022, in Abuja.
Muoka said that researchers from the mobile security firm, Zimperium, found several apps that transmit the “Schoolyard Bully” malware.
He said school bully disguised itself as reading and educational apps with a variety of books and topics for its victims to study.
Mouka said that the malicious apps were available on Google Play, adding, ”yet they have already been taken down and they still spread via third-party Android app shops.
“The NCC-CSIRT advisory in this regard further recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store.
“And to use anti-malware applications to routinely scan their devices for malware.
ALSO READ: Hackers now use these new methods to unlock, steal vehicles, NCC warns Nigerians
“The primary objective of the malware, which affects all versions of Facebook Apps for Android, is to steal Facebook account information.
“To also steal email address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).”
Mouka quoted NCC-CSIRT as saying: “The (Zimperium) research stated that the malware employs JavaScript injection to steal the Facebook login information.
“The malware loads a legitimate URL (web address) inside a WebView (a WebView maps website elements that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected.
“To obtain the user’s contact information (phone number, email address, and password), then send it to the command-and-control server.”
He said malware uses native libraries to evade detection and analysis by security software and machine learning technologies.
“The CSIRT is the telecom sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.
“The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government.
“Established to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.”
