The app allows users to upload a photo and convert it into a cartoon rendering. It was security researchers and mobile security firm Pradio who discovered a Trojan named FaceStiller inside the Cartoonifier app. The Trojan displayed a Facebook login screen that required users to login before going to the app’s homepage.
It is said that as soon as users enter their credentials, the app gives them access to zutuu[.]info [VirusTotal] sends it to a command and control server, which can then be collected by scammers. The report further states that developers and distributors of such apps often automate the repackaging process and inject a small piece of malicious code into the legacy app. This process allows the app to bypass Google Play Store policies without any red flags.
To use the app, users will first need to enter their Facebook credentials. The app then provides access to limited features, such as uploading a photo to convert it to a graphic. It also allows users to download or share graphic images with friends.
Smartphone users especially those using Android devices should be extra cautious while installing such apps on their devices. Apart from this, they have to be careful in installing such apps which ask for personal information like biometric data.
Things to note before downloading the app
Users should check and verify the app developer before installing the app.
It’s also a good idea to check reviews and ratings. Malware injected apps often include bad reviews. You should avoid installing such apps.
Never share your personal information like name, phone number, address, biometrics etc with any fake app.
Avoid installing apps that ask for access to the microphone, contacts or other data stored on your device.
Install verified apps and always download from trusted app stores Google Play Store or Apple App Store.