Android Malware Stolen Facebook Credentials From 300,000 Victims

To steal the private information of the user, the Trojan opens the legitimate URL inside a WebView injected with the malicious javascript that extracts the user’s data from the browser. With the help of the following IDs, the values of the elements are dragged by the javascript code:-m_login_emailm_login_passwordSeveral anti-virus programs and machine intelligence programs are unable to detect the malware because of its native libraries. In addition to those apps found by Zimperium’s researchers, Zimperium warns that there is probable to be more behind this campaign than the ones that have been reported.