Android
Android users: Avoid and delete this app – it’s stealing passwords
Uninstall ‘Craftsart Cartoon Photo Tools’ if you downloaded it

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
Another malicious app full of Android malware managed to find its way into the Google Play Store.
Android users downloaded ‘Craftsart Cartoon Photo Tools’ over 100,000 times before Google took it off the Play Store.
Found by security researchers at Pradeo, the app has a nasty trojan dubbed ‘FaceStealer.’
The malware tricks you into putting your Facebook login details in, then sends those credentials to a Russian-based server. Yikes.
Your Facebook details aren’t the only thing it wants.
The app can also siphon credit card details, conversations, searches, or almost anything the attacker can take.
READ MORE: Android users: delete these apps – they could be stealing your money

Photo editing apps that cartoonize images are a hot category. Most apps let you use them before logging into an account, but not here.
READ MORE: Google launched its ‘Switch to Android’ app on iOS but with a twist
This credential-stealing malware won’t let you use the actual app without entering your Facebook details.
Why does it need your Facebook login?
BleepingComputer notes that “users have become numb to these login prompts.”
I mean, how many apps want you to use Facebook to log in? It’s an option for many, even if it’s not necessary.
READ MORE: Android users: Delete these apps – they’re harvesting your data
Their report also has some good tips for vetting unknown apps, which we’ll summarize, as all of these points should be considered when downloading apps from unknown developers.
First, check the app’s reviews. If it has a low score or reviews like “doesn’t function” or “totally fake,” it’s not worth downloading.
Next, check the developer’s name.
Here, it’s “Google Commerce Ltd” with a random Gmail address as the developer contact. This should be a red flag on its own.
If there’s a link to the developer’s page, visit it and see if things match the Google Play listing. Any mismatches should be another red flag.
Last, you can always try emailing the developer’s contacts.
Any email that bounces back is the final red flag. No active, trustworthy developer would have a dead email.
With that said, if you have the Craftsart Cartoon Photo Tools app installed on your device, we suggest removing it from your device.
Then, reset your Facebook password, and consider adding two-factor authentication if you don’t already. It never hurts.
Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.
Editors’ Recommendations:
- Android 13: News, features, rumors, leaks, release date, and everything we know so far
- An Android app with 100 million downloads was pulled for spreading malware
- Google now lets you delete the last 15 mins of your search history
- Google Docs now lets you write Gmail messages with others
Follow us on Flipboard, Google News, or Apple News
