It has been reported that a newly discovered Trojan has stolen Facebook logins from over 300,000 users in a campaign lasting four years, according to Zimperium. The security vendor claimed to have found the “Schoolyard Bully” malware hidden in several applications available on both Google Play and third-party app stores.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
If you install a malicious info-stealing app on your device, there’s nothing Facebook can do to protect your account from being hacked. Although this was an attack on Facebook users, it does not exploit a Facebook vulnerability. Every Facebook user should set up multi-factor authentication on their accounts to prevent attackers from breaking in, even if they have the password. Unfortunately, Facebook does not require MFA, so many people never turn it on, either out of convenience or ignorance.
Android users should stick to apps on the Google Play Store and avoid third-party app stores and APK download sites. Google Play vets all the apps uploaded to it and ensures you’re getting the authentic, latest version, as opposed to an older vulnerable version or a version corrupted with malware. Google Play isn’t perfect—apps on Google Play were infected with Schoolyard Bully—but it’s better than the alternatives and swift to act when notified of a malicious app.