100,000 Google Play Users Infected With Android Password-Stealing Malware 

The Google Play Store has seen over 100,000 downloads of a malicious Android app that steals Facebook passwords, and the program is still accessible for download. The Android malware is camouflaged as the ‘Craftsart Cartoon Photo Tools,’ a cartoonifier software that allows users to submit a photograph and convert it into a cartoon depiction. 

According to security experts at the mobile security firm Pradeo, the Android app carries a trojan named ‘FaceStealer,’ which displays a Facebook login page and requires users to log in before they can access the program. 

The Jamf security expert Michal Rajčan said that when users submit their credentials, the app sends them to a command-and-control server at zutuu[.]info [VirusTotal], which the attackers may then gather. The malicious Android application will also connect to the www.dozenorms[.]club URL [VirusTotal], which has previously been used for advertising other malicious FaceStealer Android apps, in addition to the C2 server. 
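As an added, defender-side example (not from the article, Pradeo or Jamf), the two domains quoted above can be matched against DNS query logs; the log line format and the sample lines below are constructed assumptions, and the matcher enforces a label boundary so that look-alike names such as `notzutuu.info` are not flagged.

```python
import re
from typing import Dict, List

# Indicators quoted in the article, kept in their defanged form.
DEFANGED_IOCS = ["zutuu[.]info", "www.dozenorms[.]club"]

def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'zutuu[.]info' back into a hostname."""
    return indicator.replace("[.]", ".").strip().lower().rstrip(".")

def host_matches(host: str, ioc: str) -> bool:
    """True for an exact match or a subdomain of the IoC. A plain substring
    test would also flag unrelated names like 'notzutuu.info'."""
    host = host.strip().lower().rstrip(".")
    return host == ioc or host.endswith("." + ioc)

# Assumed log line shape: "<timestamp> <client_ip> query <qname>".
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+query\s+(\S+)$")

def find_c2_lookups(log_lines: List[str],
                    defanged_iocs: List[str] = DEFANGED_IOCS) -> List[Dict[str, str]]:
    """Return one record per log line whose queried name matches an IoC."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname = m.groups()
        for ioc in iocs:
            if host_matches(qname, ioc):
                hits.append({"time": ts, "client": client,
                             "qname": qname.lower().rstrip("."), "ioc": ioc})
                break
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-03-22T10:01:02Z 10.0.0.12 query api.example.com.",
    "2022-03-22T10:01:05Z 10.0.0.12 query zutuu.info.",
    "2022-03-22T10:01:09Z 10.0.0.31 query WWW.dozenorms.club",
    "2022-03-22T10:02:11Z 10.0.0.44 query notzutuu.info",
]

if __name__ == "__main__":
    for hit in find_c2_lookups(SAMPLE_LOG):
        print(hit)
```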

According to Pradeo’s report, the creator and distributor of these apps appear to have automated the repackaging process, injecting a small piece of malicious code into an otherwise legitimate application. This allows the apps to pass the Play Store screening process without being flagged. When users open the app, they get no genuine functionality unless they sign in to their Facebook account. 

Even after users log in, the app offers only limited functionality: it uploads the chosen image to the online editor http://color.photofuneditor.com/, which applies a graphical filter to it. The edited image then appears in the app, where the user can download it or share it with others. Because many apps require users to sign in to a service such as Facebook even when it is not really necessary, users have become accustomed to these prompts and are more likely to enter their credentials without suspicion. 

No matter how popular or entertaining these cartoonifier applications are, people should be cautious when installing software that asks them to provide sensitive information such as biometric data (images of their faces). These applications modify pictures and apply filters on a remote server rather than locally on the device, putting your information at risk of being retained indefinitely, shared with others, resold, and so on. 

Because the Android app is still available on the Play Store, users may assume it is trustworthy. Unfortunately, harmful Android applications sometimes find their way into the Google Play Store and remain there until they are discovered by security organizations or flagged by poor reviews. In many cases, though, reading a scammy or harmful app’s reviews on Google Play can help you identify it. 

Pradeo has reported the nature of the Craftsart Cartoon Photo Tools app to Google, so it should be removed soon. In the meantime, anyone who has the application installed should uninstall it as quickly as possible, reset their Facebook account password, and enable two-factor authentication for additional security. 

About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.