Android app containing malware with 100,000 downloads steals Facebook passwords

Google has removed an app from the Play Store after finding it harbored malware, and not for the first time. The app had been downloaded more than 100,000 times and was able to steal mobile users’ Facebook login credentials. Researchers at French mobile security firm Pradeo have revealed that the app, called Craftsart Cartoon Photo Tools, contains a version of the Android Trojan malware called Facestealer.

Like similar malicious apps, Craftsart Cartoon Photo Tools performs some of its promised functions. It converts photos into cartoon or drawing-style images — there are many apps that do the same thing — although some reviews say it just adds a filter to the image. However, it included a small piece of code that could steal a user’s Facebook login credentials to gain access to their account and any other services that might reuse the same login/password.

The app does this by directing users to a legitimate Facebook mobile login page when opened, where “injected malicious JavaScript” steals the login credentials and sends them to a command-and-control server. The Russian-registered domain the app connects to has been used intermittently for seven years as a command-and-control address for multiple malicious Android apps.
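One way a reviewer could triage decompiled app sources for the pattern described above, as an added example that is not from Pradeo's report or the app itself. It assumes the login page is shown in an Android WebView; the signal grouping, file names and sample snippets are constructed for illustration.

```python
import re

# Labels are this example's own; the regexes match real Android WebView API calls.
SIGNALS = {
    "facebook_login_url": re.compile(r'https?://(?:m|www|mobile)\.facebook\.com/login', re.I),
    "js_enabled": re.compile(r'setJavaScriptEnabled\(\s*true\s*\)'),
    "script_injection": re.compile(r'evaluateJavascript\s*\(|loadUrl\(\s*"javascript:'),
    "js_bridge": re.compile(r'addJavascriptInterface\s*\('),
}

def scan_source(text):
    """Return the set of signal labels present in one decompiled source file."""
    return {name for name, rx in SIGNALS.items() if rx.search(text)}

def triage(sources):
    """Map file name -> (verdict, signals) for files that load a Facebook login page.

    'suspicious': login page + JavaScript enabled + script injection or a JS bridge.
    'review': login page in a WebView without those injection signals.
    """
    verdicts = {}
    for name, text in sources.items():
        hits = scan_source(text)
        if "facebook_login_url" not in hits:
            continue  # file never touches the login page, nothing to judge
        injected = hits & {"script_injection", "js_bridge"}
        verdict = "suspicious" if "js_enabled" in hits and injected else "review"
        verdicts[name] = (verdict, sorted(hits))
    return verdicts

# Constructed decompiled snippets (assumed shapes, not taken from the real app).
SAMPLES = {
    "LoginActivity.java": '''
        webView.getSettings().setJavaScriptEnabled(true);
        webView.addJavascriptInterface(new Bridge(), "bridge");
        webView.loadUrl("https://m.facebook.com/login");
        webView.evaluateJavascript(remoteScript, null);
    ''',
    "HelpActivity.java": '''
        webView.loadUrl("https://m.facebook.com/login");
    ''',
    "FilterActivity.java": '''
        imageView.setImageBitmap(applyCartoonFilter(bitmap));
    ''',
}

if __name__ == "__main__":
    for name, (verdict, hits) in triage(SAMPLES).items():
        print(f"{name}: {verdict} {hits}")
```

A "suspicious" verdict is a prompt for manual review of where the injected script comes from and where the app sends data, not proof of credential theft.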

The stolen credentials can be used to access Facebook accounts and all the personal information they contain. Hackers may also try to trick victims’ friends by sending them false information. Cybercriminals use Facebook credentials to compromise accounts in a number of ways, the most common being to commit financial fraud, send phishing links and spread fake news.

We are seeing more and more malicious apps evading Play Store safeguards and being downloaded hundreds of thousands of times. They often do this by mimicking the functionality of popular apps and outright masking the small amount of malicious code they contain.

The best way to avoid these malicious apps is to check the app reviews. In fact, many who downloaded Craftsart Cartoon Photo Tools assumed it was a fake app or some kind of scam — it also has a 2.1-star rating — but it still managed to get over 100,000 downloads.
