100,000 Google Play Users Infected With Android Password Stealing Spyware


According to Jamf security researcher Michal Rajčan, when users enter their credentials, the app sends them to a command-and-control (C2) server at zutuu[.]info [VirusTotal], where the attackers can then collect them. In addition to the C2 server, the malicious Android app connects to the URL www.dozenorms[.]club [VirusTotal], where further data is sent, and which has been used in the past to promote other malicious FaceStealer Android apps. As Pradeo explains in its report, the author and distributor of these apps appear to have automated the repackaging process and to inject a small piece of malicious code into an otherwise legitimate app.
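The two hosts named above can be turned into a simple DNS-log check. This is an added example, not code from Jamf, Pradeo or the article: the log format, the sample lines and the choice to match the parent domain of the `www.` host are assumptions.

```python
# Indicators as published (defanged) in the article above.
DEFANGED_IOCS = ["zutuu[.]info", "www.dozenorms[.]club"]

def refang(indicator):
    """Turn a defanged host such as zutuu[.]info into a matchable name."""
    host = indicator.replace("[.]", ".")
    host = host.split("://", 1)[-1].split("/", 1)[0]  # drop scheme/path if any
    return host.lower().rstrip(".")

def parent_domain(host):
    """Assumption: strip 'www.' so other hosts under the same domain match too."""
    return host[4:] if host.startswith("www.") else host

WATCHLIST = {parent_domain(refang(i)) for i in DEFANGED_IOCS}

def matches_ioc(qname):
    """True for a watched domain or a subdomain of it, not for look-alikes."""
    name = qname.lower().rstrip(".")  # DNS names are case-insensitive
    return any(name == d or name.endswith("." + d) for d in WATCHLIST)

def scan(lines):
    """Return (client, qname) for every query to a watched host.

    Assumed log format (constructed): '<timestamp> <client-ip> <qtype> <qname>'.
    """
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole scan
        client, qname = parts[1], parts[3]
        if matches_ioc(qname):
            hits.append((client, qname.lower().rstrip(".")))
    return hits

# Constructed sample log lines, not real telemetry.
SAMPLE_LOG = [
    "2022-03-21T10:02:11Z 10.0.4.17 A zutuu.info.",
    "2022-03-21T10:02:12Z 10.0.4.17 A WWW.Dozenorms.club",
    "2022-03-21T10:02:15Z 10.0.4.22 A api.zutuu.info",
    "2022-03-21T10:03:40Z 10.0.4.30 A notzutuu.info",           # look-alike
    "2022-03-21T10:03:41Z 10.0.4.30 A zutuu.info.example.com",  # other zone
    "2022-03-21T10:04:02Z 10.0.4.31 A color.photofuneditor.com",
    "truncated line",
]

if __name__ == "__main__":
    for client, qname in scan(SAMPLE_LOG):
        print(f"ALERT {client} queried {qname}")
```

Matching on a dot-delimited suffix is what keeps `notzutuu.info` and `zutuu.info.example.com` from raising alerts while still catching subdomains.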

A malicious Android app that steals Facebook passwords has been downloaded more than 100,000 times through the Google Play Store, and the programme is still accessible for download. The Android malware is disguised as the ‘Craftsart Cartoon Photo Tools’ cartoonifier app, which allows users to submit an image and transform it into a cartoon depiction. Security researchers and mobile security firm Pradeo found last week that the Android app contains a trojan known as ‘FaceStealer,’ which displays a Facebook login page and requires users to log in before accessing the app.

This helps the apps get through the Play Store vetting procedure without raising any red flags. When the user opens the app, it offers no actual functionality until they log in to their Facebook account. However, once they log in, the app will provide limited functionality by uploading a specified image to the online editor, http://color.photofuneditor.com/, which will apply a graphics filter to the picture. This new image will then be displayed in the app, where it can be downloaded by the user or sent to friends.

As many apps unnecessarily require users to log in to a server, in many cases Facebook, users have become numb to these login prompts and more commonly input their credentials without suspicion. As popular and fun as these cartoonifier apps may be, people should be extra cautious when installing software that requires them to input sensitive information such as biometric data (images of their faces). These apps perform the image alterations and apply filters on a remote server, not locally on the device, so your data is uploaded to a remote location and is at risk of being kept indefinitely, shared with others, resold, etc.

Since the particular app is still on the Play Store, one may automatically assume that the Android app is trustworthy. But unfortunately, malicious Android apps sometimes sneak into Google Play Store and remain until they are detected from bad reviews or discovered by security companies. However, it is possible to spot scammy and malicious apps in many cases by looking at their reviews on Google Play.

As you can see below, the user reviews for ‘Craftsart Cartoon Photo Tools’ are overwhelmingly negative, totaling a score of only 1.7 stars out of a possible five. Furthermore, many of these reviews warn that the app has limited functionality and requires you to sign in to Facebook first. Secondly, the developer’s name is ‘Google Commerce Ltd’, which indicates it is developed by Google. Also, the listed contact details include a random person’s Gmail email address, which is a big red flag. We have visited the developer’s page, hosted on Blogspot, to read the project’s privacy policy, and we found a different email address there, so there’s even a mismatch.
