Beware of this malware that acts on a Google Play app and steals your Facebook credentials

The application has more than 100,000 downloads on the Play Store and is capable of stealing your Facebook information due to the presence of malicious malware.
This dangerous banking malware pretended to be an app from the Play Store to read QR codes.
Malware detected in a Google Play app that steals your Facebook credentials.Malware detected in a Google Play app that steals your Facebook credentials.Getty Images/iStockphoto
The Google Play download platform offers a world of possibilities when it comes to downloading all kinds of apps, but you have to be careful, because not all of them are as good as they seem. Specifically, an app has been detected that is capable of stealing your Facebook credentials and that has already been installed more than 100,000 times.

‘Craftstart Cartoon Photo Tools’, which is still available for download, is the application that hides the malware, as reported by Bleeping Computer. The function of this application is to convert an image into a cartoon.

Everything seems to be fine until we notice that within the app there is a screen that simulates the Facebook session and forces you to enter your data, which automatically passes into the hands of cybercriminals who are stealing your credentials using this Trojan covert.

Cybercriminals have impersonated some video game companies in the Microsoft Store.
This malware hides among some of the most popular games on the Microsoft Store. Find out if you have downloaded it
As security researcher Michal Rajcan has explained, when users enter all the data, a command server is sent with which the attackers can then collect the information. The catch in all of this is that users see it very common to enter Facebook credentials and, therefore, this virus does not raise suspicions.

Circumventing the security of Google Play is not an easy task, but, as explained in Padreo’s report, the creator of this malware has put a small malicious code automating the process through a legitimate application, with which it manages to get into in the Play Store without generating any type of alert.

Despite this, there are some ways to detect this type of scam, such as suspecting the fact of having to log in to this type of application or also looking at the comments made by other users. If you have not been able to detect it in time, it is very important that you delete the application as quickly as possible.

Leave a Comment