App that stole Facebook data downloaded more than 100,000 times
Security firm Pradeo has discovered a malicious app available for download from the Google Play Store. The company reports this in a blog post. The Android app, called Craftsart Cartoon Photo Tools, tried to steal Facebook logins from users. After contact with the Google Play team, the application was removed from the Play Store on March 22. At that time, more than 100,000 users had already installed the app. Pradeo advises users to uninstall the app immediately.
The Craftsart Cartoon Photo Tools app was distributed through Google Play and other app stores. To hide its illegal activities and reach a large audience, it mimics the behavior of popular photo editing programs.
App gave cybercriminals access to Facebook accounts
The Craftsart Cartoon Photo Tools app was presented as a tool that lets users edit their photos with a filter. Unbeknownst to users, the app contained malware. The Android-specific trojan, called FaceStealer, steals a Facebook account's credentials through social engineering.
Once a user opens the application, a Facebook login page appears. The app cannot be used until the login details have been entered. Once the details are filled in, the app automatically passes the Facebook username and password on to the owners of the app: cybercriminals. They can then access the account and use it for phishing, financial fraud, identity theft, or spreading fake news.
Moreover, with the credentials, the criminals have full access to all data on the account, such as personal information, credit card details, search queries, conversations, and more.
Connected to a Russian server
The Craftsart Cartoon Photo Tools app connects to a domain registered in Russia. This domain has been in use intermittently for seven years, according to research by Pradeo. It is connected to multiple rogue mobile apps that were available through Google Play at certain times. Pradeo reports that cybercriminals often "repackage" mobile apps to maintain a presence on Google Play. The company even discovered cases where this process was fully automated.
The malware consists of a small piece of code in the app, which makes it easy for it to stay under the radar of the Google Play team.
In the blog, Pradeo does not report how many users have actually entered their Facebook data. The company does show a screenshot with mostly negative reviews that users have left.
Multiple apps with malware in Play Store
Rogue apps slipping through the security of the Google Play Store is not a one-off. For example, it turned out at the end of last year that infected apps had been offered on the Google Play Store for six months. In total, they were downloaded more than 300,000 times. An SMS scam was also revealed in which several malware-infected apps were downloaded more than 10.5 million times worldwide.
Criminals skillfully capitalize on hype. For example, for a while, malware masquerading as a Squid Game wallpaper app was circulating. With this, cybercriminals took advantage of the popularity of the Netflix series Squid Game.