A malware-ridden photo editing Android app has been installed by 100K users through Google Play Store

An app on the Google Play Store is reported to have infected around 100,000 users, stealing sensitive information such as their Facebook credentials.

According to Pradeo, a well-known Android application named "Craftsart Cartoon photo tools" is infected with a Trojan. For those not familiar with the term, a Trojan is malicious software or code that deceives users, results in data loss, and can even cause serious damage to the user's network and device.

In the past few days, an app on the Google Play Store gained popularity for its feature of converting human faces into paintings or cartoons. Many people were thrilled to see their animated faces and used the app, unaware that it carries a small segment of harmful code. That code slips past the Google Play Store's security checks, so the app appears safe to use and raises no red flags.

But once the user opens the app, it asks them to log in to their Facebook account before they can use the actual features. This is the point where the Trojan becomes active: it captures the login information and also collects sensitive information such as images of the user's face. After collecting these details, the Trojan sends the information to a command and control (C2) server, from which the attackers can retrieve it.

The cartoonifier app is reported to be linked to a Russian server. According to some researchers, this server has been used every once in a while for the past seven years and is reported to be associated with numerous apps on Google's app store that were later deleted.

In addition, the developer of this app is listed as 'Google Commerce Ltd', suggesting that the app is made by Google. But the contact details given consist of a random email address, which is a major red flag.

Unfortunately, nothing can be done about the loss that has already occurred, but for future security, people should not install any app on their devices without researching it carefully. For instance, the user reviews for this particular app are quite negative, and as a consequence its total score is only 1.7 out of five stars. People who have this app installed should uninstall it straight away and reset their Facebook passwords. Users should also enable two-factor authentication for further security.

