"FaceStealer" hacks your cell, steals credentials - Beacon


Tuesday, March 22, 2022



A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.

The Android malware is disguised as a cartoonifier app called 'Craftsart Cartoon Photo Tools,' allowing users to upload an image and convert it into a cartoon rendering.

Over the past week, security researchers and mobile security firm Pradeo discovered that the Android app includes a trojan called 'FaceStealer,' which displays a Facebook login screen that requires users to log in before using the app.

According to Jamf security researcher Michal Rajčan, when users enter their credentials, the app sends them to a command and control server at zutuu[.]info [VirusTotal], where the attackers can then collect them.

As many apps unnecessarily require users to log in to a server, in many cases Facebook, users have become numb to these login prompts and more commonly input their credentials without suspicion.

As popular and fun as these cartoonifier apps may be, people should be extra cautious when installing software that requires them to input sensitive information such as biometric data (images of their faces).

These apps perform the image alterations and apply filters on a remote server, not locally on the device, so your data is uploaded to a remote location and is at risk of being kept indefinitely, shared with others, resold, etc.

Since this particular app is still on the Play Store, one may automatically assume that it is trustworthy. But unfortunately, malicious Android apps sometimes sneak into the Google Play Store and remain until they are detected from bad reviews or discovered by security companies.

However, it is possible to spot scammy and malicious apps in many cases by looking at their reviews on Google Play.

This may seem like excessive scrutiny for each app you install on your smartphone, but it should be the standard checking procedure for inherently risky apps.

Those who have the app installed on their devices should remove it immediately, reset their Facebook accounts, and enable two-factor authentication for additional protection.






