Android App Containing Facestealer Trojan Taken Down from Play Store

Another month, another Android app takedown on the official Google Play Store. This time the offender was an application posing as an innocent photo manipulation app, while in reality, it contained dangerous malware that allowed hackers to take complete control over victims' Facebook profiles.

Photo manipulation app hides Facestealer malware

The app in question was named Craftsart Cartoon Photo Tools and claimed to offer users, or rather victims, the ability to turn photos into cartoons. Everyone loves a bit of goofy fun with their photo gallery, which is exactly why this malware-laden app was so successful.

According to researchers with French mobile security company Pradeo, the malicious app was downloaded a whopping 100,000 times before Google stepped in and removed it from the Play Store.

The scary thing about the app is not just the number of times it was downloaded before it was taken down. More worrying are the capabilities of the malware that was hidden in the app. The malicious photo tool was loaded with the Facestealer trojan. The name might give you an idea of what the trojan does even if you have never heard of it before: it steals your Facebook account.

The damage caused by the malware might be significant, depending on what information was contained in the compromised Facebook account. The Facestealer malware can grab emails, real-world addresses, and IPs, as well as phone numbers and even credit card details if those were entered and saved into the Facebook account. The trojan can also access and read all the victim's conversations using Facebook messages.

This is not the first time an innocent-looking app has carried the Facestealer trojan. There have been other instances in the past where the exact same malicious payload was hidden in other apps that thankfully got fewer downloads.

Facestealer – a repeat offender

Like before, the malicious code containing Facestealer is just a very small piece of the full app. This allows the code to "hide" among legitimate clean code. As researchers pointed out, the app carrying the malware had real baseline photo manipulation functionality, to trick automated detection and users alike.

The fact that a malware-laced app containing dangerous trojans can remain on the Android Play Store long enough for 100,000 users to download it is disturbing, but it is not too clear what Google can do to improve its store security and police it better.

March 22, 2022