Facestealer Spyware Fooled 100K+ Users On Google Play Store

Once again, a security threat has appeared to remind Android users to avoid downloading apps from unknown developers. Researchers caught a malicious app distributing “Facestealer” spyware on the Google Play Store that successfully targeted thousands of Android users.

Facestealer Spyware Appeared On Play Store

Elaborating the details in a recent blog post, researchers from Pradeo stated how the Facestealer spyware targeted Android users globally.

In brief, the malware appeared on the Google Play Store as a fake photo-editing app. Named “Craftsart Cartoon Photo Tools,” the app also surfaced online on third-party app stores simultaneously. Thus, while it displayed over 100,000 downloads on Play Store, the actual count of affected users might be higher.

The app exhibited the functionalities of legit photo-editing apps to trick users. After downloading the app, it required the user to sign in via Facebook to use the app. However, it contained a piece of malicious code that served as spyware. This stealthy trick allowed the app to evade Play Store security checks.

When the user would sign in via Facebook, the malware would forward the login credentials to the attackers, thus giving them complete control of the target users’ Facebook accounts. Consequently, the threat actors could exploit the profiles for any malicious purposes, highlighting some of them, the researchers stated,

Facebook credentials are used by cybercriminals to compromise accounts in multiple ways, the most common being to commit financial fraud, send phishing links and spread fake news.

Investigating the app further made the researchers trace the app’s link to a Russian domain previously connected to similar malicious apps.

Google Removed The Malicious App

At the time of discovery, the malicious app had attracted over 100,000 downloads on the Play Store. That means the spyware successfully targeted a considerable number of Android users.

Following Pradeo’s report, Google removed the malware from the Play Store. Nonetheless, the threat won’t be over unless users of this app ensure removal of it from their devices. Also, out of caution, users must reset their Facebook account credentials to prevent further abuse of their profiles.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients