NCC-CSIRT alerts consumers to ‘Schoolyard Bully’ Android malware targeting Facebook credentials

*The Nigerian Communications Commission’s Computer Security Incident Response Team discloses the malware has infected over 300,000 Android devices, stealing Facebook accounts credentials, as the Team warns users to download apps only from official sites and stores to ensure safety in the country’s cyberspace 

Gbenga Kayode | ConsumerConnect

A malware that steals Facebook accounts credentials, known as “Schoolyard Bully”, has infected over 300,000 android devices.

RELATED: Danbatta Restates NCC’s Commitment To Broadband, Consumer Protection, Digital Economy

The Nigerian Communications Commission’s Computer Security Incident Response Team (NCC-CSIRT) has issued an advisory reminding consumers to only download applications from official sites and application stores to ensure cybersafety.

READ ALSO: Regulator Seeks Identification, Elimination Of Sectoral Risks In Telecoms

ConsumerConnect reports the ‘Schoolyard Bully’ trojan is the name of a malicious programme targeting Android Operating Systems (OS).

Mobile security firm Zimperium discovered the Android threat, according to report.

The NCC-CSIRT advisory has further recommended that users double-check each application and uncheck boxes that request extra third-party downloads when installing apps downloaded from the Google Play Store and to use anti-malware applications to routinely scan their devices for malware.

READ ALSO  Cybersafety: NCC-CSIRT Flags Xenomorph Malware, Advises Consumers On Factory-Resetting Of Infected Devices

Mr. Reuben Muoka, Director of Public Affairs, Wednesday, December 14, 2022, stated the advisory noted the researchers from mobile security firm, Zimperium, found several apps that transmit the “Schoolyard Bully” malware, while disguising themselves as reading and educational apps with a variety of books and topics for their victims to study.

The malicious apps were available on Google Play, yet they have already been taken down, stated the NCC-CSIRT.

READ ALSO Anti-Narcotics: Danbatta Appointed NDLEA Special Ambassador

It, however, said they still spread via third-party Android app shops.

How ‘Schoolyard Bully’ Trojan affects Facebook Apps

The Team further disclosed that the primary objective of the malware, which affects all versions of Facebook Apps for Android, is to steal Facebook accounts information, including the e-mail address and password, account ID, username, device name, device RAM (Random Access Memory), and device API (Application Programming Interface).

READ ALSO: How Telecoms Policies Enhance Digital Access, Media And Knowledge Production In Nigeria: Danbatta

The NCC-CSIR said: “The (Zimperium) research stated that the malware employs JavaScript injection to steal the Facebook login information.

“The malware loads a legitimate URL (web address) inside a WebView (a WebView maps website elements that enables user interaction through Android View objects and their extensions) with malicious JavaScript injected to obtain the user’s contact information (phone number, e-mail address, and password), then send it to the command-and-control server.”

RELATED: Telecoms Regulator’s Central Mandate Is To Ensure Consumer Protection ─NCC

It as well said that the  “malware uses native libraries to evade detection and analysis by security software and machine learning technologies.”


The CSIRT is the telecoms sector’s cybersecurity incidence centre set up by the NCC to focus on incidents in the telecoms sector and as they may affect telecoms consumers in particular and Nigerians at large.

READ ALSO Special Report: 2022 WCRD And Consumer Protection Against Market Abuses In Digital Financial Services Ecosystem

The CSIRT also works collaboratively with Nigerian Computer Emergency Response Team (ngCERT), established by the Federal Government to reduce the volume of future computer risk incidents by preparing, protecting, and securing Nigerian cyberspace to forestall attacks, and problems or related events.

Kindly Share This Story