A malicious Android app that steals Facebook credentials managed to get into Google Play Store and has already been installed over 100,000 times. The app is called Craftsart Cartoon Photo Tools and claims to be a cartoonifier app where users can upload a photo and convert it into a cartoon.
The app includes FaceStealer trojan that steals Facebook login credentials. Security researchers at mobile security firm Pradeo discovered this malicious app and reported it to Google. He noted that the app displays a Facebook login screen before users can use the app. Once a user enters login details, it is sent to a command and control server.
After Pradeo reported the app, Google removed it from the Play Store. If you are one of those people who installed the app, remote it now and change your Facebook password.
To boost app downloads, the app listing includes h developer’s name as ‘Google Commerce Ltd’. Many people could think it as an app from Google and trust it. The privacy policy is hosted on Blogspot and lists a fake email address for contact.
Google tries a lot but malicious apps manage their way into Google Play Store. So, you should always be careful while installing an app on your phone. Take a proper look at permissions the app asks for and avoid adding confidential information.
