Creepy-sounding Facestealer spyware found inside cartoon app with 100,000 Play Store downloads

Kids and apps can be a dangerous combination, as any parent who’s discovereda mountain of IAP charges on their accountcan attest to. And while new tools and safeguards are always becoming available, so too do threats constantly evolve. The innocent-sounding Craftsart Cartoon Photo Tools app was listed on the Play Store for all ages, and while it may have promised harmless fun, it turns out to have been hiding a Facebook credential-stealing Android trojan with a creeptastic name: Facestealer.

Researchers at the French cybersecurity firm Pradeo reportthat the application was downloaded more than 100,000 times before Google removed it from the Play Store on March 22. It probably passed muster in the first place because it worked like similar-looking, genuine photo editing apps — but concealed malicious functions in a small bit of easily-missed code. Once the victim hadCraftsart Cartoon Photo Tools(archived link) on their phone, it would request Facebook login credentials. That might not sound unusual to a user, so the unwary could then enter their information only to have it funneled back to a Russian server, giving the Android app’s operators access to Facebook accounts and any of the vital information so many users have linked to their profiles, like credit or debit card numbers.

4

Facebook login credentials can also be a moneymaker forcybercriminalsselling them on the dark web. With stolen FB info it’s not too hard to commit all vareity of fraud, start distributing phishing lures, or just churn out propaganda on behalf of the highest bidder. Despite the relatively high number of downloads, it doesn’t seem like the app worked well enough to hide that it was seriously flawed. Reviewers showered it with one-star ratings prior to its removal, commenting with warnings that it was fake, barely functional, or didn’t work at all.

If you have the app, delete it immediately and verify to change your Facebook password. Consider a full factory reset for your phone, as well, and stay wary — hidingmalwareand spyware inside innocent-looking apps grows more common all the time, and it’s not always easy to spot the apps behind these attacks.

mi-security-1

The note-taking app I should have used all along

Broader branding hints at wider paid-tier ambitions

Browsers

It’s time to sniff out the culprit

An advanced, compact, purpose-built device

Samsung Notes logo in front of image containing S Pen and devices using Samsung Notes

Boost Mobile sees changes, too

Perfect for all types of devices

Google Home icon with some gadgets around it.