Malware disguised as an Android application, distributed on the Google Play Store, has already been installed on at least 100,000 devices, as revealed by the mobile security company Pradeo on Monday (21). The malicious agent is able to steal Facebook passwords and transmit them to a Russian server.
Dubbed “FaceStealer”, the malware was found by the firm’s experts in the app Craftsart Cartoon Photo Tools, a seemingly harmless photo editor. When installing the program on the cell phone, it asks the user for the credentials of their Facebook profile, to release the promised resources.
Once logged in, the user can edit the images with special filters and share them with friends, but at the same time provide their username and password to cybercriminals. This information is automatically sent to a domain registered in Russia, which is already used in other malicious apps, according to the researchers.
With the data in hand, attackers can access victims’ accounts and commit all kinds of fraud, from impersonating the real owners of the profiles and asking for money from acquaintances to spreading fake news and sending phishing links. Card number, conversations, surveys and other stored details are also compromised.
App is still available on the Play Store
Although those responsible for detecting the FaceStealer trojan have alerted Google about the risks present in the Craftsart Cartoon Photo Tools app, it can still be found on the Play Store and downloaded normally. The deletion should happen soon, after the Mountain View giant looks into the case.
The tip for anyone who has already downloaded the malicious app is to remove it from the phone immediately. In addition, it is recommended to change your Facebook password if you have provided your login details for the photo editor, and enable two-factor authentication for greater protection.