Connect with us


Android users: Avoid and delete this app – it’s stealing passwords

Uninstall ‘Craftsart Cartoon Photo Tools’ if you downloaded it

Google play store logo with blurred background on android
Image: KnowTechie

Another malicious app full of Android malware managed to find its way into the Google Play Store.

Android users downloaded ‘Craftsart Cartoon Photo Tools’ over 100,000 times before Google took it off the Play Store.

Found by security researchers at Pradeo, the app has a nasty trojan dubbed ‘FaceStealer.’

The malware tricks you into putting your Facebook login details in, then sends those credentials to a Russian-based server. Yikes.

Your Facebook details aren’t the only thing it wants.

The app can also siphon credit card details, conversations, searches, or almost anything the attacker can take.

READ MORE: Android users: delete these apps – they could be stealing your money

Screenshots of malicious android app craftsart cartoon photo tools
Image: KnowTechie

Photo editing apps that cartoonize images are a hot category. Most apps let you use them before logging into an account, but not here.

READ MORE: Google launched its ‘Switch to Android’ app on iOS but with a twist

This credential-stealing malware won’t let you use the actual app without entering your Facebook details.

Why does it need your Facebook login?

BleepingComputer notes that “users have become numb to these login prompts.”

I mean, how many apps want you to use Facebook to log in? It’s an option for many, even if it’s not necessary.

READ MORE: Android users: Delete these apps – they’re harvesting your data

Their report also has some good tips for vetting unknown apps, which we’ll summarize, as all of these points should be considered when downloading apps from unknown developers.

First, check the app’s reviews. If it has a low score or reviews like “doesn’t function” or “totally fake,” it’s not worth downloading.

Next, check the developer’s name.

Here, it’s “Google Commerce Ltd” with a random Gmail address as the developer contact. This should be a red flag on its own.

If there’s a link to the developer’s page, visit it and see if things match the Google Play listing. Any mismatches should be another red flag.

Last, you can always try emailing the developer’s contacts.

Any email that bounces back is the final red flag. No active, trustworthy developer would have a dead email.

With that said, if you have the Craftsart Cartoon Photo Tools app installed on your device, we suggest removing it from your device.

Then, reset your Facebook password, and consider adding two-factor authentication if you don’t already. It never hurts.

Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Deals of the Day

  1. Meta Quest 2 Virtual Reality Headset - $249.99 (17% off)
  2. Fitbit Charge 6 - $99.95 (save $60)
  3. Try Apple TV+ for FREE and watch all the Apple Originals
  4. Save $300 on a Segway at Best Buy, now $699
  5. Lenovo 14" IdeaPad Flex 5i Chromebook Plus Laptop - $379 (24% off)
  6. HP DeskJet Printer with 3 months of Instant Ink included from HP+ - $84.99 (save $45)

More in Android