Malicious Applications Distributed on Google Play Detected to Target Facebook Accounts

It has been determined that Facestealer malware targeting Android users is distributed on Google Play and third-party application stores under the name Craftsart Cartoon Photo Tools.

The Craftsart Cartoon Photo Tools application allows users to upload an image and convert it into a cartoon image. The malware distributed within the application has been identified as Facestealer, also called Android/Trojan.Spy.Facestealer.

When users open an application like Craftsart Cartoon Photo Tools, they are greeted with a verification screen that directs them to Facebook. At this point, injected malicious JavaScript code sends the login credentials to a C&C server. Then, on the infected Android device, the malware captures the user's Facebook data, such as e-mail address, IP address, credit card information, chat archive and other connected session information.

[Image: the malicious piece of code that sends data to the C2 server]

The mobile app imitates the behavior of popular photo editing apps to reach a large audience and to stay concealed. In this way, the security measures of the application markets are bypassed. In this context, it is recommended to use MDM software, which is corporate mobile device management software, and anti-malware solutions. In addition, it is important to block the malware's IoCs in the security solutions in use.
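A triage heuristic for the behaviour described above, as an added example that is not from the original article: it scans decompiled Android source for an app that loads a Facebook login page and also pushes its own script into that page or reads its cookies. The WebView-based mechanism, the indicator names and the two sample snippets are assumptions constructed for illustration.

```python
import re

# Indicators for decompiled Android source. Assumption: the login page is shown
# in an embedded WebView; the article itself does not name the component.
INDICATORS = {
    "facebook_login_url": re.compile(
        r"https?://(?:m|www|touch)\.facebook\.com/[^\"']*login", re.I),
    "js_enabled": re.compile(r"\.setJavaScriptEnabled\(\s*true\s*\)"),
    "js_injection": re.compile(
        r"\.evaluateJavascript\(|\.loadUrl\(\s*\"javascript:", re.I),
    "js_bridge": re.compile(r"\.addJavascriptInterface\("),
    "cookie_read": re.compile(r"CookieManager\.getInstance\(\)\.getCookie\("),
}

def triage(source: str) -> dict:
    """Return matched indicators (with line numbers) and a verdict."""
    hits = {name: [] for name in INDICATORS}
    for lineno, line in enumerate(source.splitlines(), 1):
        for name, rx in INDICATORS.items():
            if rx.search(line):
                hits[name].append(lineno)
    found = {name for name, lines in hits.items() if lines}
    # Showing Facebook's login page is not unusual by itself. The host app
    # injecting script into it, bridging it to native code, or reading its
    # cookies is what warrants manual review.
    tampering = found & {"js_injection", "js_bridge", "cookie_read"}
    return {
        "suspicious": "facebook_login_url" in found and bool(tampering),
        "hits": {name: lines for name, lines in hits.items() if lines},
    }

# Constructed sample inputs, not taken from any real application.
SAMPLE_SUSPECT = '''
WebView view = new WebView(this);
view.getSettings().setJavaScriptEnabled(true);
view.addJavascriptInterface(new Bridge(), "bridge");
view.loadUrl("https://m.facebook.com/login.php");
view.evaluateJavascript(injectedScript, null);
'''
SAMPLE_BENIGN = '''
WebView help = new WebView(this);
help.getSettings().setJavaScriptEnabled(true);
help.loadUrl("https://example.com/help");
'''

if __name__ == "__main__":
    for label, src in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(label, triage(src))
```

A positive result is a prompt for manual analysis, not a verdict: legitimate apps can also embed a login page, and obfuscated code can evade string matching.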