This Google play store app banned! Delete from your phone now
Not every app you download and install from Google Play Store on your smartphone is safe to use. Frequently, we have been receiving reports claiming several applications containing malware and spywares that can, not only steal your personal data, but also cause you financial loss. As per the latest information, Pradeo had detected a malicious phone app in the month of March that was being distributed on Google Play Store and was installed by 100,000+ users.
According to the information provided by Pradeo in a blog post dated March 21, 2022, the application called Craftsart Cartoon Photo Tools embeds an Android trojan called Facestealer that uses social engineering to steal Facebook credentials and makes connections to a Russian server. Perpetrators leveraging the spyware have full access to victims' Facebook accounts and all data they contain, such as credit card details, conversations, searches, etc.
Pradeo had also alerted the Google Play team of the discovery and advised users to delete the app immediately. It can be noted that the application was removed from the Google Play store on March 22.
The Craftsart Cartoon Photo Tools is a mobile application distributed on Google play and third-party application stores. To reach a large public and conceal its illegal activities, it mimics the behaviors of popular legitimate photo editing applications. In fact, it has been injected with a small piece of code that easily slips under the radar of Play Store's safeguards, the blog post informed.
As per the information, as soon as the application is launched by users, a Facebook login page is opened and they cannot use the application if they do not log in. When they do, their username and password are automatically transmitted to cybercriminals that own the application. Facebook credentials are used by cybercriminals to compromise accounts in multiple ways, the most common being to commit financial fraud, send phishing links and spread fake news.
The blog post further informed that the application Craftsart Cartoon Photo Tools makes connections to a domain registered in Russia. The research by Pradeo shows that this domain has been used for 7 years on and off, and is connected to multiple malicious mobile applications that were at some points available on Google Play and later deleted.