BEWARE: Android Malware Steals Facebook Credentials, Infects 100,000 Google Play Users — Which App to Avoid?

An Android malware stealing Facebook credentials has infected 100,000 Google Play users via a malicious app. The malicious app in question is known as Craftsart Cartoon Photo Tools.

Specifically, the malicious app is said to be spreading a type of trojan known as FaceStealer, which is best known for stealing Facebook credentials.

It is being recommended to those who have the app in their devices to immediately uninstall it.

Android Malware Steals Facebook Credentials, Infects 100,000 Google Play Users

Want to Save Your Photos Before Deleting Facebook? 7 Easy Steps to Download Your Files
These are simple steps on how to delete a Facebook account without permanently losing all our Facebook photos. CHRIS DELMAS / Getty Images

An Android malware has been stealing Facebook credentials and the app spreading it has infected 100,000 Google Play users.

According to a report by Bleeping Computer, an Android app called Craftsart Cartoon Photo Tools is the one spreading a trojan known as FaceStealer. The app reportedly lets users to upload any image they wish and convert it into a cartoon-like image.

The report says that "security researchers and mobile security firm Pradeo discovered that the Android app includes a trojan called 'FaceStealer,' which displays a Facebook login screen that requires users to log in before using the app."

The user eventually discovers that the app only has limited functionality, which will require them to upload a photo to an online editor. The online editor will make the cartoon-like changes to image, which will then appear in the app. At this point, the user can opt to download the image or share it.

The malicious app steals Facebook credentials by sending the data to a command and control center when users submit their information. It is then sent to another URL.

What is the FaceStealer Trojan?

The FaceStealer malware, otherwise referred to as Android/Trojan.Spy.Facestealer, is defined by Malwarebytes Labs as the "family of Android Trojans that use social engineering to compromise Facebook accounts."

According to Malwarebytes Labs, what it does is it directs the user of the malicious app to a Facebook login page and compels the user to enter the needed credentials. Those credentials are then used to steal the user's data.

It is recommended that users immediately uninstall the malicious app, which in this case is the Craftsart Cartoon Photo Tools. As of press time, Bleeping Computer reports that the app is still on the Google Play Store.

How to Spot Malicious Apps

Bleeping Computer's report offers ways users can detect malicious apps. One which way that will help you determine if the app is a scam or is a malicious is by checking the reviews.

Craftsart Cartoon Photo Tools, for example, has a number of negative reviews that mentions the Facebook login requirement.

It is also recommended that you first look at the developer's information included in the listing. Craftsart Cartoon Photo Tools lists Google as its developer and includes a random Gmail email address.

© 2024 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost

Real Time Analytics