In the world of social media, photo and video editing apps are very popular as everyone is looking to try and make their photos and videos interesting to get more views. This is why it’s not surprising to see more developers coming up with tools that they’re launching in app stores.
Unfortunately, a report from Bleeping Computer has revealed that one of these apps is actually a trojan horse in disguise meant to steal your Facebook login credentials. The app in question is called “Craftsart Cartoon Photo Tools” and was discovered by security research firm Pradeo.
The app advertises itself as being able to transform your photos into cartoon-looking images, something we’ve seen in plenty of other apps, except that this is pretty much malware. Users will need to log into Facebook to use the app, and that’s where it deploys the “FaceStealer” trojan that will then send your login credentials to another server.
One of the reasons why it slipped past Google’s defenses is because the developer automated the repackaging process and injected a small piece of malicious code into the app, allowing the app to make it past the review stage without raising suspicion. The app has since been removed from the Play Store, but not before it was downloaded over 100,000 times.
If you happen to be one of those who downloaded it, you should most definitely delete the app and update your Facebook login credentials before it’s too late.
Source: Bleeping Computer