The Craftsart Cartoon Photo Tools application containing the Android Facestealer trojan has been banned from downloading on Google Play. you downloaded it
All apps that you download and install from Google Play Store on your smartphone are not safe to use. Frequently, we have received reports of several apps containing malware and spyware that can not only steal your personal data but also cause you financial loss. According to the latest information, Pradeo detected a malicious phone application in March which was distributed on Google Play Store and installed by more than 100,000 users.
According to information provided by Pradeo in a blog post dated March 21, 2022, the app called Craftsart Cartoon Photo Tools embeds an Android Trojan called Facestealer that uses social engineering to steal Facebook IDs and connects to a server Russian. The authors who exploit the spyware have full access to the victims’ Facebook accounts and all the data they contain, such as credit card details, conversations, searches, etc.
Pradeo had also alerted the Google Play team to the discovery and advised users to remove the app immediately. It can be noted that the application was removed from the Google Play store on March 22.
Craftsart Cartoon Photo Tools is a mobile application distributed on Google Play and third-party application stores. To reach large audience and conceal its illegal activities, it mimics the behaviors of popular legit photo editing apps. In fact, it was injected with a small piece of code that easily slips under the radar of Play Store saves, the blog informed.
According to the information, as soon as the app is launched by the users, a Facebook login page is opened and they cannot use the app if they do not log in. When they do, their username and password are automatically forwarded to cybercriminals who own the application. Facebook IDs are used by cybercriminals to compromise accounts in several ways, the most common being to commit financial fraud, send phishing links, and spread fake news.
The blog post further stated that the Craftsart Cartoon Photo Tools application establishes connections with a domain registered in Russia. Research by Pradeo shows that this domain has been in intermittent use for 7 years and is connected to several malicious mobile apps that were at times available on Google Play and then removed.