Careful! This Photo Editing App Carries Facebook Password-Stealing Malware


At first glance, the Craftsart Cartoon Photo Tools application looks like an ordinary photo editing app. But it secretly carries malware that can steal Facebook passwords.

Cybersecurity firm Pradeo discovered that the Craftsart Cartoon Photo Tools app was compromised by the FaceStealer trojan. The app has since been removed from the Google Play Store, but before it was removed it had been downloaded more than 100,000 times, according to Bleeping Computer.


Once the application is opened, users cannot use the photo editing features right away. The application opens a fake Facebook login screen, and the user must log in to use the photo editing feature.


After logging in, however, the application provides only limited features: it uploads the photos you want to edit to an online photo editor, which adds filters. Users can then download the edited photos to share with their friends.



Although nothing looks wrong up to this point, the app secretly sends users' Facebook usernames and passwords to a command-and-control server in Russia, where hackers can collect them.


Screenshot of the Craftsart Cartoon Photo Tools application. Photo: Pradeo

From there, the malware retrieves a range of personal information from users' Facebook accounts, such as email addresses, IP addresses, phone numbers, chat and message history, credit card details, friend lists, and much more.


In addition, the photo editing is carried out on a remote server, not on the user's phone, so user data is at risk of being stored, shared, or sold by irresponsible parties. This matters especially if you often upload selfies for editing, because faces are very sensitive biometric data.


On closer inspection, the Craftsart Cartoon Photo Tools application shows many red flags: a rating of only 1.7 on the Play Store, with most reviewers giving 1 star; the developer name 'Google Commerce Ltd'; and a developer email address that uses Gmail.


Despite the many red flags, hundreds of thousands of people were still fooled by this application, because it was considered safe and had passed Google's review to become available on the Play Store.


Users who have already downloaded this application are advised to delete it immediately. If you have already connected your Facebook account, it is recommended to reset the account and enable 2FA for added protection.
