Schoolyard Bully Trojan Campaign

---

Facebook logins from over 300,000 users were stolen in a Trojan campaign lasting nearly four years. Dubbed as Schoolyard Bully, malware hidden in several applications available on both Google Play and third-party app stores.

This Trojan uses Java script injection to steal the Facebook credentials . The malware is designed to steal the email, phone number, Facebook password, ID, and name of its victims, and is hidden in benign-looking educational applications through a legitimate URL inside the WebView.

It uses native libraries to stay hidden from most AV and machine learning detection tools, and to store its C&C data.

Primarily focused on Vietnam, the long-running campaign has been infecting users in 71 countries since 2018. But the actual number of countries could be more than what was accounted for because the applications are still being found in third-party app stores.

Malicious applications continue to flourish in the Android ecosystem, despite Google’s best efforts to police the Play store. Though this application is removed from the official play store, its presence is still found in third party websites

Indicators of Compromise

C&C Servers

• https://bigdata-habn.firebaseio.com
• https://bigdata2-habn.firebaseio.com
• https://bigdata3-habn.firebaseio.com

File hashes

• 28ed05126595cf80bffc652708f5e27031afe4f403cc0a30fff2ba3da7c58edd
• 34ae7cdbfa560481649a072dd6123b7cf1d78a3e5b644da87b4e400c8e729f44
• c7cdcd093b0aaf68cc75e54dd386688b4b8d5528a008504ab6deefb861569319
• 81e3501a2154670941b8f173d7fb8cc7ea84a8e807851e9229ee39a763640ba2
• 8753e75790adacf50c00262c757358efaaae5b6ee03fb317ed445a68da18572c
• fd39986b567a2983dc9d11709af3d314d59453bad5688ad16b27741829e7bced
• 17979aeb52165f5287a0d95f9eb91b73a061c81ac4725b9545609d20fe7203a5
• ca4355c0de893dc7b773f6a5fdaf14c3a2dea5c30f2ca23a9efeacdb0a06555f
• 0cf5f5089cd3d0cc38a9713d0ff6bac1cb4db28c45b827aa88849b729538aa33
• 42c5a8cb4bc4d4e6179ee80b33e3e74bdfbb0c6b8a090241eaa2c5037d764375
• 6dc1c6e803f25d2eb581184921f1df30210b75cb509b9f44af66d3f17e1acd3a
• 508315503c6bfae850fbdb4ab5ebd1e5f53e76eec3cf243601f2774130f49ffe
• bd8972bfe8c63dc96481d80a6192bfe9d4b917111151336673358588e1984cdd
• 7554cfbd45b1964bac115462004d31370a189c5162b3eb9194c4e374a5860c98
• 578f6818cdabb0c9e31dffc453fc0f5b82024ee92ef1439f2840fc7aa9a95dd6
• 2c867ed7ac1bace137c390b2aa19cde011ed997bc69d9f71700d9e099babcfc8
• 0fa1630b69031806ec3798379efdec3a4b3bede49c14547305443d19142066f9
• bbe3d70f7b6df6eb6b58c14b5e487b5320b4f049a524ae47e833152cdb578cec
• 6c683f2c95d01927f09e619961d68ea2379150190113ecb79aefa2541f984095
• 9730ba9539f259cfdb2f1268ba6780e80d4f610aec544044931246bbde71bd02
• c36a408234ccd757e575032ad60e2e62f23f4bd3bb898423a2d65121671e36f5
• 648bd86656cc7994df155e4a68c267de51bc9d59ff05859c5fcc208e413021ed
• a904df0968501d2ea3b225424ac8b05fd70571bbc17aead275715da5dfbbb641
• 90108e6518986d5d837a85dec14cf549e3b637c8ee32b79da47c2832051d3a53
• 00bb1ced41de00aec0a87fa581e66befaf85c7ebfdab4b58426ce7089a0819eb
• d059273dcbcd2aae8b1c3a2910c1d8a03f4f971e40501a2fdf65538f7a84a1a0
• b02d679004b0489d6a2fe0278dc7488385249d9654a1fffbec9fa3eebbabe239
• 03dc3c64b8bd0bbbc9eab77c449609410f679eaeb5ddb3692d8c49648aea9bba
• 3de827f69478621be3bc90b0e7bae29372cda50031cc9f2d58db7764b08308db
• 5844c6b518db1d08c64118a22a759b75939a2ec474d0115cbd2c4356fbf69a0f
• 82e188324ebcbb08cce4245032b0cf4cc1a9d9cbeb77c0715d8b2777ad288bf3
• 7895e5a562dbac11e545cac27cf9b5d7c18a12742b50563f6fe228dbe00dd54f
• 3e61272d250061be418ade0d42983d5711462fdd4fb658ee348ea5bc987f28a5
• aa59ec49971f8e7d4da6cdd2b0107318c3f1f7a9187eee327aff4049b7aa65f5
• 05435ac64cefc1657c646591cb402768c531fb81bb9c38c47e82bbad522cb768
• 19cb5fc1bdb9cb1559ae2d64a0a3c36198e1a1088ce6988f18978b66b1587195
• 42d381996040ea279eab7e894026a5c4d533bf94fd95d5a164ba663763f5798f
• 8952e8b6fa64b4e4ac67005113121bd00bd76a6bb3d5aa93b42cfb786aebb40f
• 5f8d0005746189a9f0680de9bf0dab24148a2336757987fe6ee6e371efe128a0
• ccd011049de0dd3b86a5b9d1339d22ca6d6570e65f5531f0b9d6e61b94e2ed50
• 04556c878265777b5fbebca34c23ceb206a8946a917c397a7655b2388069eb9a
• f553b0db217fe6a8a88c5452a3674b73b24b3f46c945fcb7981f500b5b417a99
• 48176c5d416142a02a69740f0eed9b6d20d0e480e775e4dd065e1cb457d7fbe0
• 0c76a859cb4a55d38643544767fa8609d94ed6d7925e04ef9a3faffb9cbe409c
• fe9467ef5c5c963541155b0a6f6ff8091250c14fb00cc59ccdadd0b03071629e
• fb148eaeb73828bc19a57ba42d28c7faba4dbf344bb1e2a5c3f28c73c12b71f5
• 21d8687f7bae725a8833759606bf93efaabf492bc70e39bc3059d8b8a796994e
• ec856f1b94fa9e7e85da9c87262feda662c586d9f86c3f62371ca122f32fd7f3
• 3f10cd101912f166558ac647c985cb8d09c5a5aec91d6ac5c4323a27bce3be29
• f71f13a21b5168e88f8b6e3dc280fdbda46e36ebd956560766322575843ee8b8
• 3e76fb47db900603942f1e2c23915f5089386c5efcce10b57cb59ebea5e65ca2
• c92d085805c8f50aed9ae446d784715e304666286f037d50115be7f865fd7f90
• 1c208c5baa65d751692a25e850640e60478be7bda93173ee3714fb9dee09c1da
• 177deb64af8a4405a92085ee9fe8a5091610252d7f58935071ab157f9c9eee0f
• 8e61e9cb928a874014475a5d26c2ac7ae21a5bdedc634aff5cfadd50d1524b69
• 39df7849a7f328c50fd29ad796aabaf1dede554d156c0f6bd1e558c8fe16e4ba
• 3fe0f24ae7f41311dbf8df3ce19fa1ecdb42d1809a4a7910b5ca777af2b0e69b
• 17723aefb0e7636fb210e473af9da0ee9dfe361d1bce867ae156b6f992d409b3
• 4cfd83e40138bd655d950b93b1b981be141797b1e4bbb881c811909aa76797e3
• f9cfeb41184c1a6812ae155ea55a1cbf1b88595bb5a0f07f4c4eb9cff711c7a4
• 72608c1a2f6d50de07da71f17ff39f8bdd1f780d3ccf518600bd7b82dad8c15d
• b535bf37383a34eee9b0d9397877d3cff6d5ab49b112fef888105b43bfe5f76d
• 6b8f7ec5cbf0e3e403d3c83790701fabd5536d8b4ef1acf3b1d62c89968d36bf
• 30a69a0d8f26d5a2d02d389aa221434219a8198260c647931e6c04bf829dc850
• 89a9dfa5ea1be3a82cdecf218e67d4b316fbfea0632aac3fb97fff7e3c4b49ca
• 809086a338f74ccf85b3b7d8c4b444130013744ef7a19c350fc99cf31a90d0e2
• 61da7c5f39fc8c328bccecfb7f4519b93184c9f0d326d6a24bbf65e4efca77ee
• 8f752fc5636624a64064fa3198e635c40ec57fb29f56cc80f0b6a0df1f727dc2
• 4e6db03c79874f5210dc8fb69d1bc7605d8cbf9aaf1628e158def5449326d139
• beb27d383b56a5c6b734ce1b9b1a24b5e2e9e72d1be656671a834e3f7a290061
• 7b358dcaf2abe7c604b3e59b10cdd4579e0a37440437bd2b537aa79ef52f1faa
• 96990db70be840b150efd8af24267ccaa731b54a83fb78cd1fd02393fcd71a98
• d086498a2ef0624ea35210c0ce83af7c17be92483dcd54bc97348b4d3f3f8f51
• 2990deb89f8f7896c810bdf2e4fe97bbe328b96d9f5eedce798a984aa7ab3af4
• 8a2b5b532ae19235a230113b9e1126aea8e2c5ac3f7329d75fa76e7c6443497e
• ff94a1c15cb91597d57ad8a30e8b5b2bfdb3dde5bc176f10403dd19ea4d3c6dc
• 7e748c8048d214247ab77958dca58065d40c0fd2d69b4eb64002a5412930eec4
• fe4a08d836280dc72180900582951b32067b94a5c40e3c72653d9e5d9d1059f4
• 525baf96b92bebdd868a87a5a2acf1b2d53c0db316558e2840925e13753ce002
• 8766e9618ce34f7729e5502e51fe6ced982be0279c3d06ff12f0bc0c2ff3e0f1
• 9d6f999f8c39d961ee6d90975e4ca88b741411515bb1752f4d8d1838e57c2fb1
• b5a508093b30d5200f53d86bb2d6dc0d8f40b507321e520b8c2333ca6399d6c9
• d97641007c9c45defaf7c12799d599c9db480cbea0bfa6be42c6d04fd93b9781
• 0ed276129f7e792b848351a456aff3062fa3d288a505ae4a4751853351310e04
• 4c0d00c513dd3f70d030e6056aa32a540fea78eec53448cf161a580ae2033bd2
• 5e9985925da5d28804f97784ac357a0dbae0b078542d623118a454edbd962fee
• dfcc279893369c8b1eebb2fa160253719c39bd989fa67522fcbddc708f88d460
• 2b071229c60e327aab42f91e2acbdbc7c0ef46fa2b5ad8007a0aa54da5bed788
• 2117ff48ffc34e0dc89d242dfa5d73095407f0c9f94114d66e89269958f407f2
• 48d1b5d86bff3eca0667c0f675cf81a17b76b58cdd73966fdd0b7f2662e6d464
• 121d44f2a4781d5c20ecc075549cb413a56e618b3caf7b53a9c6b2daf4c2fbeb
• f694bc992dabfa6c5dda4066b72ea4892ed58eae38e2055162dda5eb61c7e1bd
• a9823713b0c24a4160821640fa530353e57147e04129cac6b6177e91a9cfb9d3
• 52d91fadab1322b62ede9e3f3b5de5e16133f8357942fb4f7e3bc9dafaef39d0
• 720dfadd86293b4b335c01796f307ae8947715ad85ab4da89c003d6d6bf41ad9
• b7354ee83ac6a531e61b3d10e52669839bd2965e055b4566275dc4bc729bb8b4
• c82bfa7688a738846ec9400d8940133e0eca5d5ba7cf6d91568fcc058c478894
• 83bccfb335bda735a721dffcf5308723af685a50ea5f4ebfb62ad15c3c88f1d2
• 4d76ce3efaef5ffb59834f48a2e5fe3f8f093ad038e7fab6cabac34d1eff7437
• 86d91f1c4ff5698002fd2ae627d8f22a2399cafede71a4fa0db045743d53013a
• 7950225f948b9c9755e8f56fe609dd021098c6e24f8b0fa9e08fb7b4a81972c9
• f396794dacdb55e0fb40521f4d177445a94095b81452332d171229631cb64bb0
• d28b448f399b45ef97337d25731f1d78d34609091df345402365ab6641acf88f
• 24c29b93fc25b88ee24051cc615cbf1ad90c49d5217cc7e79b8145d09d3bbf06
• 27afb7ac366867d327e6062cce7b05d568516aa0af6988363848a4118306584d
• 94c627e4d2d127087fccacce353ca374eaec8ffe67d549a315ff4a3e8878f1df
• 0f2227d0c53f28d5301b1438761006b688248e5fc09c23cca2430c0ee4f29746
• d00d6505682ff8676c91f02027984c522630ff5bccb070712628aab47400753b
• 626561481eacd02471253642c98f06f5ef296180f2bdfbbcca107580faa8c7b3
• 11e2be66a9482c65015de9135188a62ebb16e3b3d12b43b007f48c46dd120d75
• b37f5ede534d4b77b7856d860c8fa24f393df02a7ad1c99f9777d096d802ee72
• c0ef915ce28d874cba6725bd164a3f064b425da4badbd7aedd107077f5d8bb57
• c5f2c12264cc64174880b63d4408ecf992cda96b11d9553ec557616b7c07aac4
• cdbe068510d331f78d2597bc5c1e0b7b48f9b606be60c0e0b716ebc7e708dfa0
• 1d2f3800a33062e8189b18c1758bf4a6f32ad49240aa483f1d9369a6429278cb
• 127624793f77665847c0ca9da37ccf157066cf71e075f16117d05bee9a9881c0
• 8c245197d68cd7ed466076091e98fa3521fc19848af78b0dc4d7532a6165e54d
• 9522df8e669d381c695210c9f003f31c81e6624e55db693624bbd7184789e148
• 11a902004451e5c568fc1d215dfb1b651153dbc86b7424d7fff19db2ec558fe2
• b806c1878faef78eefa8373d8843dac9de83cf407e247ce709213bde5bc52ef1
• b9854f7a9fb15cbf3d42889bc5bf7e45d99a9995b47600037cbd3bfc1c26f873
• 97f63fe0f57943f9fca23b53e8b0b9edff8531705ea9417c0ee889ec330bb0dd
• 01e7faf9ecb938add527bf3675f34f2cd399049ff4820722b9b12c5e6cedd9d2
• ded21897681b260b461d2164dad1ba0ef566e128491674d4de3975dc33e0249a
• c1b9bb0da72a5a043bf7351fcfd52682fd27627cd80a0c4f39351401fc68e055
• 1ef22e429ffd77997410e77b5ed770ba1a918c77a32a786464469d4180477826
• e2967ac1e786351223abbce18c8034c04cf5644d56e3352ffc7085fc1329e6d0
• 52bc9aa0165bb92427e3b5b1cfd6d60df7e921d90ed6af4e4a6327d72c5663e2
• c4be5c5c3f953c935b3c13c0be18646678a7bc2c2deaf9e8c7620f3e531d8bf3
• da004fbe911fc71ff0910045f00e323a8bc7f0fe593d3b6b9ebc402ffc4b848e
• 4ae54853f939fe8dcdb56fb4703ca897aff698a2753bfaefce6c2425f002644f
• 679cb4016278c3b7cf15ea7fddc61b24ec68937193db6ddcc1de00968a7ed8fe
• 9eeaa3bf7f275f8048cba9975ec13ca4fdae28c7cffb1faa0d32a3f63c41fcc4
• 32bf601229c1edad1df5deeea24eb3423d10d2e88b2d70269c9cda1fb484ec5c
• 243b7012cea2991aa8c98feac264baca97912bd8d241a8912fe1455e5bedba31
• 266ed4124f393c588c6fba800bb2167805fdd8b729b271ef93feb7467bcd5385
• 898086692f44b5f66ae358869e006184e8add8f14ec3318ef9b0e04367559b26
• 0979ce73ed0e565377808ffa27096d6612ffa9c07f35cfe2889445949e42255d
• 944ffa654838f7e904483e2c441ac72c7e38aeda1758b520ed4d2be39c647d80
• 17a727b860ca713d6b31ae30306db61619836e7bb548c79c3ab49f773b19ac25
• a0f1f95a7cb07db82ce233058c0477e7f18907cb48abecac954121c42077647c
• 4f48793e746af4bcc900ccc5e234aa3bc57b589f0199a1ebe44c9acd1a40deb2
• 187c1f9890341654d948428d527ef6f85661b15c7637ee6f467096899dec004c
• ea00c7ab0167cb944d203740dee7215b6f038310ef93672b9035ef37ea32a4f5
• 790d70c25a0340736e836fce7b2bfe798fedde01e3219faacab200fa831263ee
• 8fa8b0c589740d324068099948c814e77f921c2fec8719718cc455e3e817aa10
• ea93efff15d8c86c758547dc9e6fe0da33699af39652480168085c9a99b3976d
• 829126667ad9737be0b43f589cab3ffc5bd0f1c32a45404156c9c646d7ee88f0
• f5ebee5c86620512ff1a5cf7c12e6b5bf4e4840f48b04d4b968d674a64ae9012
• a5b20a19c356ea5e978c3d07441ae6e376cc43dc0f1a3afdac8fe8ba47dac143
• cc5a1c59a54424dcd66b272536b2c1de671f04cdb038cbf131cfc464032271f2
• 2a958a0caa3f0868e20ef75dab6bd792172158b62d0efbfe7e07084b76ae7fa6
• c7239454fd63c6520563e8627a92c703cfec878c02a61a6199e8850fd3257955
• f7405deb16b5c82b03447d69dc9147542daa370cd5e1cd6929123887b67324eb
• a4f47e70fd7ec2543511267da9d22f82a50b54f997b792b51f68f511ce29e5f5
• 8ba4864eed767f977066f2e5d8370b8620bb9f040dfec3b8b4343f231e987531
• dffd0792b33b27cb2d52c1f2f22cbeb8876c5dee2ed7059f366470a7a502ba39
• 53e795b14b2e4af8ce13eabf0d28d76b23333d6e42d7ef9407a0d3a28b28a4ff
• 449e8b097ec1b2cdf89706a235a920ba1a8e12e9cd38c6b7cc511b486f8bc845
• f1940d77aa8c99a8fbf15389c1e9583c2b809f6d2f46be5ee22dbfa147574ab8
• 34ee6c6ea26b6d644af66b4e8516401ae43e84fb59ca3f0a8f9f06b6c2b8db64
• 5d8f48802e22b66209b6069bae5f4a78758d19aad9b0cef0b4c631b795a4817e
• 3f32844326a40cd81f6477b77751c862747183bcbe8b21e34e7830d701bcd3eb
• 8e1a7c27658cfe4ef4d6514ac47d19fedb3b2ceda21852dc15bdef2aabad80d9
• b17f61b95d8281dab2f3e7d850093dad8cd4ad0c8c77a358ef5a8485d438c637
• 8da3a3086941a733ccca75552b3a30235c2eba87204b0ea1fc4a434f6dcc4525
• 455d5c56bd7c98c48ff70da1d3bd0652b389bac0c6563bce24b6a70f30567d8f
• 4723549cda66970035f3ceb8a4ca447b94d579373206c171e3eceb49ab1881fa
• 491d5ecbb76f3e873d25b84967b6b3afeddd99e9f655c87ba8f44e6369d11318
• 0375aec6be49e2abe3a02e6da9377a12c26b35dc777165d4a8180dd3faed21e7
• 19fc4f33e99b8caa0f3595f4709a31969274a0cf94b0c839e444ff6ebc7461b0
• ff6d585e71cfbf651b556bced3be238361142cf617f72e2c445b1fb768fed5a6
• 9d36caa1e78bbb3a4248bd010c241d9abc98ee116dbd50d8a990b59b7958a7a4
• 1bb40fc528c6fe6143a95a66c59039c75ca42bdec09451f513cb9ce1d5981a74
• a52cb7399661d76fb3dc252dcd6b2004438cb4d20f2961edaa0755b4a71da372