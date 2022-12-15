FCT, Abuja - The Nigerian Communications Commission's Computer Security Incident Response Team (NCC-CSIRT) says over 300,000 android devices have been compromised due to the viral malware "Schoolyard Bully" that steals Facebook account credentials.

According to a statement made available to Legit.ng on Wednesday, December 14, NCC-CSIRT says to ensure the effective use and gratification of android devices, users must download applications at the appropriate app stores and websites.

Research confirmed that over 300,000 android devices have been compromised due to the viral malware "Schoolyard Bully". Photo: Rafael Henrique, Odd Andersen

Source: Getty Images

As part of the advisory notification, android users are further urged to adopt the use of verified and trusted anti-malware applications to help checkmate all the various applications on their mobile android device.

Legit.ng gathered that Zimperium, a mobile security company embarked on research that discovered several applications that transmit the "Schoolyard Bully" malware while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.

The research also discovered that some of these applications were available in Google Play Store and were taken down but still spread via third-party Android app shops.

PAY ATTENTION: Share your outstanding story with our editors! Please reach us through info@corp.legit.ng!

Damages of malware to android devices

As contained in the statement, malware causes damage to all version of Facebook, and steal all the valuable information required to gain full access to the Facebook account.

The NCC-CSIRT revealed that the Zimperium also uncovered that malware uses JavaScript injection to steal Facebook login information.

It is said that the malware appears like the usual legit URL inside a WebView with malicious JavaScript injected to obtain the user's contact information (phone number, email address, and password), then send it to the command-and-control server.

Furthermore, malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”

The CSIRT is the telecom sector’s cyber security incidence centre set up by the NCC to focus on incidents in the telecom sector and as they may affect telecom consumers and citizens at large.

The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Source: Legit.ng