A malicious Android app has been discovered on the Google Play Store. The app has already been downloaded 100,000 times and, despite warnings that it steals users' passwords and other credentials, it is still available on the store at the time of writing.
This app is disguised as a cartoonify app, following the popular trend of users wanting to change photos and images into cartoons. The app is called ‘Craftsart Cartoon Photo Tools’ and allows Android users to upload photos and then convert them to a cartoon version.
Security researchers at Pradeo, a well-regarded mobile security firm, discovered that the app carries a trojan called 'FaceStealer.' The trojan displays a Facebook login screen, and users must sign in before they can use the app at all.
According to Jamf security researcher Michal Rajčan, once users enter their credentials on this fake Facebook login page, the app sends them to a command-and-control (C2) server, from which the attackers collect the data.
Pradeo explains that the app's creators have automated the repackaging of an otherwise legitimate app, inserting only a small piece of malicious code. That small piece of code is difficult to spot, which may be why it is taking Google so long to remove the harmful app from the Play Store.
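The behaviour described above (a login screen that is not Facebook's, harvesting credentials for a remote server) is what an analyst looks for when triaging a repackaged APK. The following is an added example, not code from the original article, from Pradeo or from Jamf: a small Python triage helper that takes a list of URL-like strings (as an analyst might extract from a decompiled APK) and flags any login-looking page that is not served by a Facebook domain. The sample strings, the short Facebook host allow-list and the path markers are constructed assumptions for this example, not indicators taken from the app itself.

```python
from urllib.parse import urlparse

# Assumption: an illustrative allow-list of hosts a genuine Facebook login
# flow may use. It is not an authoritative inventory of Facebook domains.
FACEBOOK_HOSTS = {"facebook.com", "m.facebook.com", "www.facebook.com"}

# Path/query fragments that usually mark a sign-in page (assumed heuristic;
# "auth" will also match e.g. "author", so treat hits as leads, not verdicts).
LOGIN_MARKERS = ("login", "signin", "sign-in", "oauth", "auth")

# Constructed sample input: hypothetical strings pulled from a decompiled APK.
# None of these are real indicators from the app discussed in the article.
SAMPLE_URLS = [
    "https://m.facebook.com/login.php",                   # genuine Facebook login
    "https://graph.facebook.com/v12.0/me",                # Facebook API, not a login page
    "http://facebook.com.login-verify.example/login",     # lookalike host, cleartext
    "https://cdn.example-assets.net/img/toon.png",        # unrelated asset
    "https://203.0.113.10/auth/collect",                  # raw IP collecting credentials
    "file:///android_asset/login.html",                   # login page shipped inside the APK
]


def is_facebook_host(host: str) -> bool:
    """True only for facebook.com itself or a genuine subdomain of it.
    'facebook.com.evil.example' does NOT pass, because the suffix check
    requires the registrable domain to be facebook.com."""
    host = host.lower().rstrip(".")
    return host in FACEBOOK_HOSTS or host.endswith(".facebook.com")


def looks_like_login(url: str) -> bool:
    """Does the path or query of the URL look like a sign-in page?"""
    parts = urlparse(url)
    target = f"{parts.path}?{parts.query}".lower()
    return any(marker in target for marker in LOGIN_MARKERS)


def classify(url: str):
    """Return a reason string when the URL is a login-looking page that is not
    served by Facebook, otherwise None."""
    parts = urlparse(url)
    if not looks_like_login(url):
        return None
    # A fake login page bundled as a local asset never touches the network,
    # so a host check alone would miss it; flag it explicitly.
    if parts.scheme == "file":
        return "login-looking page bundled as a local asset"
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if is_facebook_host(parts.hostname):
        return None
    if "facebook" in parts.hostname.lower():
        reason = "host mentions facebook but is not a Facebook domain"
    else:
        reason = "login-looking URL on a non-Facebook host"
    if parts.scheme == "http":
        reason += " (cleartext http)"
    return reason


def suspicious_login_urls(urls):
    """Run classify() over every string and return (url, reason) pairs."""
    findings = []
    for url in urls:
        reason = classify(url)
        if reason:
            findings.append((url, reason))
    return findings


if __name__ == "__main__":
    for url, reason in suspicious_login_urls(SAMPLE_URLS):
        print(f"{url}\n    -> {reason}")
```

On the constructed sample this flags three strings: the lookalike host, the raw IP address and the login page bundled as a local asset, while leaving the genuine m.facebook.com login and the Graph API call alone. Treat the output as a starting point for manual review rather than a verdict: a trojan that loads the real Facebook login page inside a WebView and injects JavaScript to read the form fields would pass this host check, so the WebView set-up and any `addJavascriptInterface` or `evaluateJavascript` calls in the decompiled code deserve a look as well.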
Users are so bombarded with login requests, especially when opening new apps, that many have become desensitised and no longer think twice before signing in. It pays to be cautious whenever an app asks for credentials, other sensitive information or biometrics, and a photo-editing app has no obvious reason to require a Facebook login before it will work at all.
Pradeo and other security firms have notified Google of the problem with this app, so it should be taken off the Play Store soon. If you are one of the users who downloaded it, uninstall the app, change your Facebook password and sign out of any sessions you don't recognise. Enabling two-factor authentication adds a further layer of protection. Also watch out for the SharkBot banking malware discovered in Google Play apps.