An app containing a dangerous Trojan horse was available for download on Google Play. The app cleverly disguises itself by delivering the functionality it promises. It has been downloaded from Google Play over 100,000 times.
An Android app was distributed via Google Play that specifically steals Facebook account login details on Android devices. the
reported
the US IT security news site Bleepingcomputer.
Facebook credential stealer in Google Play Store @Google Play
Package name: com.craftstoon.cartoonphoto
100,000+ installs
C&C: zatu[.]informationsuspicious site contacted: dozens[.]club
— Michal Rajcan (@RajcanMichal) March 16, 2022
The app is Craftsart Cartoon Photo Tools. This is supposed to allow you to upload a photo and turn it into a cartoon. Google has since removed the dangerous app from Google Play, but it was previously installed more than 100,000 times.
The security company Pradeo had
discovered
that in this application the
Trojan face stealer
It is hidden. Shows a Facebook login screen when the app starts. Users must first enter their Facebook login details to use Craftsart Cartoon Photo Tools. The application then sends the entered login data to a “Command and Control” server in Russia and to other third-party sites.
This is how cleverly malware camouflages itself
The malware represents only a small part of the application’s source code, which is otherwise flawless. Tampered with in this way, the app then passed the Google Play verification process. The app is also cleverly camouflaged when in use: After you’ve entered your Facebook login details, the app offers the option to upload a photo to an online editor. A graphic filter is then applied to the photo there. The image modified in this way is displayed in the application and can be downloaded and sent. So the app seems to work and the user probably doesn’t suspect a thing.
This is what you should do if you have already downloaded the application
Uninstall the app and change your Facebook credentials instantly!
Also, make sure to set up two-factor authentication for Facebook.
How to protect yourself from nasty Android apps
Basically, you just have to download Android apps from Google Play. But in this specific case, even that didn’t protect. So always be very careful when you need to enter your data in an application. Use only popular apps with a wide user base and always read user app reviews on Google Play before downloading. For “Craftsart Cartoon Photo Tools”, for example, these were very negative. Please also read the developer information available on Google Play and check if the email address provided there exists or if your email is being retrieved as undeliverable.
Professional bacon fanatic. Explorer. Avid pop culture expert. Introvert. Amateur web evangelist.
