A malicious Android app by the name of FaceStealer is stealing Facebook passwords. Google Play Store has slapped a ban on FaceStealer.
A malicious Android app on the Google Play Store has been detected stealing Facebook credentials. Yes! The Google Play app, disguised as a cartoonifier app called Craftsart Cartoon Photo Tools, prompts users to enter their Facebook login credentials and then steals their data. Dubbed FaceStealer, the trojan was distributed via the Google Play Store and third-party app stores! Google Play Store has banned the app, but it may well be on your phone. The trojan has already been installed over 100,000 times via the Google Play Store.
The Android malware has users upload an image, which it converts into a cartoon rendering. Craftsart Cartoon Photo Tools contains a trojan called Facestealer. It was detected by security researchers and mobile security firm Pradeo. The portal mentioned that the app displays a Facebook login screen that requires users to log in before using it.
According to Jamf security researcher Michal Rajčan, as users enter their credentials, the app sends them to a command-and-control (C2) server at zutuu[.]info [VirusTotal] and steals their data.
In addition to the C2 server, the malicious Android app also connects to the URL www.dozenorms[.]club [VirusTotal], where the data is forwarded, BleepingComputer reported.
The portal says that the malicious trojan Facestealer uses social engineering to steal Facebook credentials, connects to a Russian server, and gives the spyware full access to victims’ Facebook accounts and all the data they contain, such as credit card details, conversations, searches, etc.
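For defenders who want to check whether any device on their network has contacted the two domains named above, here is an added example (not from the original article or the researchers cited) that refangs the indicators and scans DNS query logs for them. The log format, timestamps and client addresses are constructed assumptions.

```python
"""Added example: flag DNS queries to the two domains named in this article."""

# Indicators exactly as the article prints them (defanged).
DEFANGED_IOCS = ["zutuu[.]info", "www.dozenorms[.]club"]

# Constructed sample log; assumed format: "<timestamp> <client_ip> <qname> <qtype>".
SAMPLE_LOG = """\
2022-01-01T09:14:02Z 10.0.4.17 graph.facebook.com. A
2022-01-01T09:14:05Z 10.0.4.17 ZUTUU.info. A
2022-01-01T09:14:06Z 10.0.4.17 www.dozenorms.club A
2022-01-01T09:15:40Z 10.0.4.23 api.zutuu.info AAAA
2022-01-01T09:16:11Z 10.0.4.31 notzutuu.info A
2022-01-01T09:16:12Z 10.0.4.31 zutuu.info.example.org A
malformed line
"""


def refang(indicator: str) -> str:
    """Turn a defanged indicator (zutuu[.]info) into a comparable hostname."""
    return indicator.replace("[.]", ".").strip().rstrip(".").lower()


def matches(qname: str, ioc: str) -> bool:
    """True for the indicator itself or any subdomain, never a lookalike name."""
    return qname == ioc or qname.endswith("." + ioc)


def find_hits(log_text: str, defanged_iocs=DEFANGED_IOCS):
    """Return (timestamp, client_ip, indicator) for every matching query."""
    iocs = [refang(i) for i in defanged_iocs]
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed format
            continue
        timestamp, client, qname, _qtype = fields
        name = qname.rstrip(".").lower()  # drop the root dot, ignore case
        for ioc in iocs:
            if matches(name, ioc):
                hits.append((timestamp, client, ioc))
    return hits


if __name__ == "__main__":
    for timestamp, client, ioc in find_hits(SAMPLE_LOG):
        print(f"{timestamp} {client} queried {ioc}")
```

Matching on a label boundary keeps lookalikes such as `notzutuu.info` out of the results; only the names the article lists, and their subdomains, are flagged.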
The malicious app is distributed through Google Play Store
The FaceStealer app is distributed through Google Play and third-party application stores. It mimics popular legitimate photo-editing applications in order to reach a large audience and conceal its illegal activities. The app has been injected with a small piece of code that easily passes under the radar of the store’s safeguards.
The malicious app might have a connection with a Russian domain
This is not the first time such an app has appeared on the Google Play Store. Google has previously blocked several Android apps from the Google Play Store that were believed to be infected with malicious code or malware.