App that stole Facebook data downloaded more than 100,000 times

Share on facebook
Share on twitter
Share on linkedin
Share on reddit

App that stole Facebook data downloaded more than 100,000 times

Security firm Pradeo has discovered a malware app available for download from the Google Play Store. The company reports this in a blog. The Android app, called  Craftsarts Cartoon Photo Tools , tried to steal Facebook logins from users. After contact with the Google Play team, the application was removed from the Play Store on March 22. At that time, more than 100,000 users had already installed the app. Pradeo advises users to uninstall the app immediately.

Craftsart Cartoon Photo Tools app was distributed through Google Play and other app stores. In order to hide its illegal activities and reach a large audience, it mimics the behavior of popular photo editing programs.

App gave cybercriminals access to Facebook accounts

Craftsart Cartoon Photo Tools app would allow users to edit their photos by means of a filter. Unbeknownst to users, the app contained malware. The Android-specific trojan called FaceStealer steals a Facebook account’s credentials through social engineering.

Once a user opens the application, a Facebook login page appears. The app cannot be used until the login details have been entered. After filling in the app, the app automatically passes on the Facebook username and password to the owners of the app; cybercriminals. They can then access the account and use it for phishing, financial fraud, identity theft, or spreading fake news.

Moreover, with the credentials, the criminals have full access to all data on the account, such as personal information, credit card details, search queries, conversations, and more.

Connected to a Russian server

Craftsart Cartoon

Read more

Explore the site

More from the blog

Latest News