Android users: Avoid and delete this app – it’s stealing passwords

Uninstall ‘Craftsart Cartoon Photo Tools’ if you downloaded it

Another malicious app full of Android malware managed to find its way into the Google Play Store.

Android users downloaded ‘Craftsart Cartoon Photo Tools’ over 100,000 times before Google took it off the Play Store.

Found by security researchers at Pradeo, the app has a nasty trojan dubbed ‘FaceStealer.’

The malware tricks you into entering your Facebook login details, then sends those credentials to a server based in Russia. Yikes.

Your Facebook details aren’t the only thing it wants.

The app can also siphon credit card details, conversations, searches, or almost anything the attacker can take.

Photo editing apps that cartoonize images are a hot category. Most apps let you use them before logging into an account, but not here.

This credential-stealing malware won’t let you use the actual app without entering your Facebook details.

Why does it need your Facebook login?

BleepingComputer notes that “users have become numb to these login prompts.”

I mean, how many apps want you to use Facebook to log in? It’s an option for many, even if it’s not necessary.

BleepingComputer’s report also has some good tips for vetting unknown apps. We’ll summarize them here, as all of these points should be considered when downloading apps from unknown developers.

First, check the app’s reviews. If it has a low score or reviews like “doesn’t function” or “totally fake,” it’s not worth downloading.

Next, check the developer’s name.

Here, it’s “Google Commerce Ltd” with a random Gmail address as the developer contact. This should be a red flag on its own.

If there’s a link to the developer’s page, visit it and see if things match the Google Play listing. Any mismatches should be another red flag.

Last, you can always try emailing the developer’s contacts.

Any email that bounces back is the final red flag. No active, trustworthy developer would have a dead email.

With that said, if you have the Craftsart Cartoon Photo Tools app installed, we suggest removing it from your device.

Then, reset your Facebook password, and consider adding two-factor authentication if you haven’t already. It never hurts.
