When we install an app from an official app store, we may think that we are protected from viruses and threats, but this is not always the case.
Over the last few years we have seen a lot of mobile malware, and Android, being more open than iOS, is more susceptible to these issues. It is the price that must be paid.
Now Pradeo informs us that a new mobile application has been detected with the Facestealer virus inside, an application distributed on Google Play and installed by more than 100,000 users. This is Craftsart Cartoon Photo Tools.
At the moment the app is still on Google Play, but Pradeo has already informed the Google Play team to remove it from the list. If by chance you have it installed, remove it from your mobile and change your Facebook password, also closing all open sessions.
How Facestealer works
The Facestealer Trojan uses social engineering to steal Facebook credentials, sending the data to a Russian server. This software is capable of spying on what we do on Facebook, including recording credit card details, conversations, searches, and more.
It is not the first time that we see a dangerous app mimicking the behavior of popular photo editing applications, they are capable of doing the same as others, but they have a small piece of code that causes the problem. Opening the app opens a Facebook login page and you can’t use the app if you don’t log in. Many users are used to that with Facebook, but in this case the username and password are sent to cybercriminals.
The goal is to commit financial fraud, send phishing links and spread fake news, so if any app asks for Facebook login and password, ignore it.