Google Play users need to watch out for this password-stealing Android app

By Sead Fadilpašić
last updated

Malicious app found to have more than 100,000 downloads

pixabay | TheDigitalArtist
(Image credit: pixabay | TheDigitalArtist)

Malicious actors have created an Android app which carried with it a password stealer, and possibly - an identity (opens in new tab) and biometrics stealer, as "added value".

Discovered by researchers at security firm Praedo (opens in new tab), the “Craftsart Cartoon Photo Tools” promised to “cartoonify” a photo, but inorder to do so, users needed to log into their Facebook account. 

However whatever details users provided to the app, (which ironically did appear to sometimes do exactly what it promsied concerning catoonifying images) did not log them into Facebook, but was instead sent to the app devs’ own command and control (C2) server.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Safe sources, unsafe apps

What’s more, all of the images that people provide, do not get “cartoonified” on the endpoint (opens in new tab) itself, but are rather sent to a third-party server. Users have no way of knowing how long their images will reside on that server, what purpose they’ll server, and if the devs will sell it on the black market. 

When Praedo's analysts first spotted the app on the Play Store, it had more than 100,000 downloads, and was still available for download. Google does now seem to have removed it in the meantime, as the message on the link now says “We're sorry, the requested URL was not found on this server.”

Micro apps, with limited functionality, that also carry malware or infostealers are quite popular among threat actors, as they allow them to bypass Google’s automated security gateways. Besides photo editors, QR code and barcode scanners are popular features that are often abused.

Read more

> The Google Play Store is littered with dangerous trojans (opens in new tab)

> Malware removal on Android: how to clean up your smartphone (opens in new tab)

> That Android antivirus could actually be malware (opens in new tab)

Google’s Play Store is perceived as a secure app repository, and people often lower their guard when downloading apps from that source. Security experts are warning that despite the source, users should be wary when downloading apps, double-checking app reviews other potential red flags.

"Craftsart Cartoon Photo Tools", for example, has had an average score of 1.7, and hundreds of negative comments. 

Via: BleepingComputer (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news