Facebook alert as malicious Android app steals login credentials from over 100,000 users

A malicious Android app has stolen the personal information of thousands of smartphone owners.

According to a new Laptop Mag report, cybersecurity experts are warning Facebook users to remain vigilant after spotting a malicious Android app on the Google Play Store that is stealing credentials.

1

Access to a user’s Facebook account can allow hackers to crack data such as credit card details, conversations, and search history.

French cybersecurity company Pradeo was the first company to detect the malware, dubbed Craftsart Cartoon Photo Tools.

The malicious software masquerades as a photo editing tool, but in fact deploys an Android Trojan called “Facestealer” to gain access to Facebook credentials.

In short, the rogue app displays a Facebook login page upon launch, which requires the user to enter their username and password.

Once a user does this, their credentials are immediately copied and transferred to the hackers.

If a person does not enter their login, the Photos app cannot be used and their information remains secure.

Pradeo says the software is embedded with a small piece of code that was able to bypass Google Store security.

Currently more than 100,000 users have the app installed on their devices.

However, according to a report by Pradeo, the malware was removed from the Google Play Store, preventing further downloads.

The cybersecurity company found that the malware is connected to a Russian server.

“Craftsart Cartoon Photo Tools application connects to a domain registered in Russia,” said cybersecurity researcher Roxane Suau.

“Our research shows that this domain has been used repeatedly for 7 years and is associated with several malicious mobile applications that were temporarily available on Google Play and were later deleted.”

Suau continued, “In order to have a presence on Google Play, mobile app repackaging is a common practice for cybercriminals. Sometimes we even observed cases where the repackaging was fully automated.”

Experts advise anyone who has downloaded the app on their device to remove it immediately.