apple: this android app is stealing facebook data, be careful – android app is stealing users facebook credentials

new Delhi. When it comes to app development, it would not be wrong to say that Apple’s App Store policy for developers is much stronger than Google Play Store. There have been reports from time to time about new malware/trojans in the form of authentic-looking apps installed by hundreds and thousands of Android users. A new report by Pradio suggests that a Cartoonifier app installed by 100,000 users was stealing Facebook credentials.

App named ‘Craftsart Cartoon Photo Tools’ is no longer available for download. A Google spokesperson told Bleeping Computer that the malicious app has been removed from the Play Store. However, users who still have the app installed on the smartphone should delete it immediately.

The app allows users to upload a photo and convert it into a cartoon rendering. It was security researchers and mobile security firm Pradio who discovered a Trojan named FaceStiller inside the Cartoonifier app. The Trojan displayed a Facebook login screen that required users to login before going to the app’s homepage.

It is said that as soon as users enter their credentials, the app gives them access to zutuu[.]info [VirusTotal] sends it to a command and control server, which can then be collected by scammers. The report further states that developers and distributors of such apps often automate the repackaging process and inject a small piece of malicious code into the legacy app. This process allows the app to bypass Google Play Store policies without any red flags.

To use the app, users will first need to enter their Facebook credentials. The app then provides access to limited features, such as uploading a photo to convert it to a graphic. It also allows users to download or share graphic images with friends.

Smartphone users especially those using Android devices should be extra cautious while installing such apps on their devices. Apart from this, they have to be careful in installing such apps which ask for personal information like biometric data.

Things to note before downloading the app
Users should check and verify the app developer before installing the app.
It’s also a good idea to check reviews and ratings. Malware injected apps often include bad reviews. You should avoid installing such apps.
Never share your personal information like name, phone number, address, biometrics etc with any fake app.
Avoid installing apps that ask for access to the microphone, contacts or other data stored on your device.
Install verified apps and always download from trusted app stores Google Play Store or Apple App Store.