A Sham Android App Has Stolen Facebook Passwords Of 100,000 Users Via Google Play
You cannot use the app until you feed it your Facebook credentials. Even after you give the credentials, the app displays very limited functionality and is rather shoddy
A malware that steals passwords has infected over 100,000 Google Play users on Android.
The malicious app is called "Craftsart Cartoon Photo Tools" and has been installed about 100,000 from the Google Play Store. It sneakily steals Facebook credentials of a user.
Disguised as a cartoonifier app, it lets users upload images to turn them into cartoon-like pictures.
How the app works
Last week, security researchers and security firm Pradeo found that the Android app carries a Trojan called "FaceStealer" which displays a login screen for Facebook - requiring users to sign in before using the app.
App first presents screen with Facebook login prompt which redirects to real Facebook login page pic.twitter.com/atUGp2BCfS
¡ª Michal Raj?an (@RajcanMichal) March 16, 2022
When users put in their Facebook credentials, the app sends these details to a command and control server zutuu[.]info [VirusTotal]. The data is collected from attackers then, Jamf security researcher Michal Raj?an said on Twitter.
In addition to this server, the app connects to another URL - www.dozenorms[dot]club where more data is sent. In the past, this URL has been used to promote other malicious FaceStealer apps on Android.
Also read: Android Users Can Now Delete Last 15 Minutes Of Search History: Here's How
The creators of this app have inserted a small piece of malicious code into an app that otherwise looks legit. The worst part is perhaps that the app was able to escape checks on Google Play owing to this reason. You cannot use the app until you feed it your Facebook credentials. Even after you give the credentials, the app displays very limited functionality and is rather shoddy.
Before downloading apps on the Google Play Store, make sure to read the comments below, to check the contact information of the developer, and to run a quick search on them to ensure you're not downloading a virus.
Also read: Android Users Can Finally Listen To Voice Notes On WhatsApp While Responding To Texts
Have you been a victim of such malicious apps on Android? Let us know in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.
References
Toulas, B. (2022, March 21). Android password-stealing malware infects 100,000 Google Play users. BleepingComputer.