A malicious Android app called FaceStealer is stealing Facebook passwords. The Google Play Store has banned FaceStealer.
A malicious Android app on the Google Play Store has been found stealing Facebook credentials. The app, disguised as a cartoonifier called Craftsart Cartoon Photo Tools, prompts users to enter their Facebook login credentials and then steals their data. The Trojan, dubbed FaceStealer, was distributed through the Google Play Store and third-party app stores. The Google Play Store has banned the app, but it may still be on your phone. The Trojan has already been installed over 100,000 times from the Google Play Store. The app lets users upload an image and convert it into a cartoon rendering. Craftsart Cartoon Photo Tools contains a Trojan called FaceStealer. It was discovered by security researcher and mobile security firm Pradeo. The portal states that the app displays a Facebook login screen and requires users to log in before using it.
According to Jamf security researcher Michal Rajcan, when users enter their credentials, the app sends them to the command and control server at zutuu[.]info [VirusTotal] and steals their data.
In addition to the C2 server, the malicious Android app also connects to the www.dozenorms[.]club URL [VirusTotal], to which it forwards data, BleepingComputer reported.
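For defenders checking whether a device on their network contacted these servers, the following added example (not from the original article or from the researchers it cites) refangs the two domains named above and matches them against DNS query logs. The log format, sample lines and function names are constructed for illustration; also matching the apex and other subdomains of the www host is an assumption.

```python
import re

# Defanged indicators as reported in the article above.
DEFANGED_IOCS = ["zutuu[.]info", "www.dozenorms[.]club"]

def refang(indicator: str) -> str:
    """Turn a defanged domain or URL into a plain lowercase hostname."""
    s = indicator.strip().lower().replace("[.]", ".")
    s = re.sub(r"^[a-z]+://", "", s).split("/")[0]  # drop scheme (http, hxxp) and path
    return s.rstrip(".")

def watchlist(indicators):
    """Hostnames to match; a leading 'www.' is dropped so the apex and siblings match too."""
    return {re.sub(r"^www\.", "", refang(i)) for i in indicators}

def matches(qname: str, domains) -> bool:
    """True if qname is a watched domain or a subdomain of one (label-boundary match)."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)

def scan(lines, indicators=DEFANGED_IOCS):
    """Return (timestamp, client, qname) for each log line that queries a watched domain."""
    domains = watchlist(indicators)
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 3:
            continue  # skip malformed lines
        ts, client, qname = parts[0], parts[1], parts[2]
        if matches(qname, domains):
            hits.append((ts, client, qname.lower().rstrip(".")))
    return hits

# Constructed sample log (assumed format: timestamp client_ip qname qtype).
SAMPLE_LOG = """\
2022-03-22T09:14:02Z 10.0.4.17 graph.facebook.com A
2022-03-22T09:14:05Z 10.0.4.17 zutuu.info. A
2022-03-22T09:14:06Z 10.0.4.17 WWW.dozenorms.club A
2022-03-22T09:15:40Z 10.0.4.23 notzutuu.info A
2022-03-22T09:16:11Z 10.0.4.23 api.dozenorms.club AAAA
garbage
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

The suffix check is anchored on a label boundary, so a lookalike such as notzutuu.info in the sample is not flagged.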
The portal claims that the malicious FaceStealer Trojan uses social engineering to steal Facebook credentials and connects to Russian servers, giving the spyware full access to victims’ Facebook accounts and access to credit card details, conversations, searches, etc.
The malicious app is distributed through the Google Play Store
The FaceStealer app is distributed through Google Play and third-party app stores. It looks like a popular legitimate photo editing app in order to reach older people and hide its illegal activities. The app has been injected with a small piece of code that easily slips under the store’s security radar.
The malicious app may have a connection to a Russian domain. This is not the first time such an app has appeared on the Google Play Store. Google has previously blocked a number of Android apps on the Google Play Store that were believed to be infected with malicious code or malware.