Last updated on July 28th, 2022 at 01:20 am

It has been determined that Facestealer malware targeting Android users is distributed on Google Play and third-party application stores under the name Craftsart Cartoon Photo Tools.

The Craftsart Cartoon Photo Tools application allows users to upload an image and convert it into a cartoon image. It has been determined that the malware distributed within the application is FaceStealer malware, also called Android/Trojan.Spy.Facestealer.

When users open an application like Craftsart Cartoon Photo Tools, they are greeted with a verification screen that directs them to Facebook. At this point, an injected malicious Javascript code sends the login credentials to a C&C server. Then, on an infected Android device with malware, It captures the user’s Facebook data, such as e-mail address, IP address, credit card information, chat archive and other connected session information.

The malicious piece of code that sends data to the C2 server:

The mobile app imitates the behavior of popular photo editing apps to reach a large audience and ensure confidentiality. In this way, the security measures of the application markets are bypassed. In this context, it is recommended to use MDM software and Anti-Malware solutions, which are corporate mobile device management applications. In addition, it is important to prevent the IoC findings of the pest from the security solutions in use.

android application cyber attack news cyber security news cybersecurity news Facebook Facestealer Google Google Play malicious Malware news hackers security news

Malicious Applications Distributed on Google Play Detected to Target Facebook Accounts

Perspective of the Month | APT Groups

BellaCiao: The New Malware From Iran’s Charming Kitten

Security News Digest | Security Newsletter | April 27, 2023

Cyber Security Trends in 2023: What You Need to Know

We know what hackers know about you

Solutions

Use Case

Partners

Company