Android app downloaded 100,000 times from Google Play Store contained password-stealing malware, security researchers say
Google has removed an app with more than 100,000 downloads from its Play Store after security researchers warned the app was able to harvest smartphone users’ Facebook credentials.
Researchers from French mobile security firm Pradeo said the app embeds Android Trojan malware known as “Facestealer”, so named because it tricks victims into entering their Facebook credentials on a web page that passes those credentials to the attacker’s server, which is on a domain that was registered in Russia.
If a user enters their credentials, the creators of the Android app gain full access to the victim’s Facebook account, including all related payment information, such as credit card details, as well as conversations and user searches, according to Pradeo.
“It mimics the behaviors of popular legitimate photo editing apps. In fact, it’s been injected with a small piece of code that easily slips under the radar of store saves,” Pradeo explains in a blog post.
The ‘Craftsart Cartoon Photo Tools’ app was touted as a tool that allows people to “turn stunning looks from real cameras into paintings and cartoons” using advanced artificial intelligence and machine learning.
However, Android users themselves seem to have detected issues with the app, validating the idea that users should always read reviews before installing an app.
“Totally wrong. The way it was advertised looks useful. So check out some filter effects for any photo,” one user wrote in March. “No cartoon anywhere. Don’t upload,” wrote another.
Once users open the fake photo editing app, it opens a Facebook login page that requires users to log in before they can use the app. The credentials are then passed to the application owner’s server.
Google encourages Android users to only install apps from its app store. However, research has shown that malicious apps can find their way into the Google Play Store. Google confirmed to ZDNet that the app has been removed from the Play Store and the developer has been banned.
In December, Pradeo sounded the alarm over the distribution of Joker malware on the Play Store, which had been installed by over 500,000 users. This rogue app attempted to scam users through premium mobile services and unwanted advertisements.