
Google Play users need to watch out for this password-stealing Android app
Malicious actors have created an Android app which carried with it a password stealer, and possibly – an identity and biometrics stealer, as “added value”.
Discovered by researchers at security firm Praedo, the “Craftsart Cartoon Photo Tools” promised to “cartoonify” a photo, but inorder to do so, users needed to log into their Facebook account.
However whatever details users provided to the app, (which ironically did appear to sometimes do exactly what it promsied concerning catoonifying images) did not log them into Facebook, but was instead sent to the app devs’ own command and control (C2) server.
Safe sources, unsafe apps
What’s more, all of the images that people provide, do not get “cartoonified” on the endpoint itself, but are rather sent to a third-party server. Users have no way of knowing how long their images will reside on that server, what purpose they’ll server, and if the devs will sell it on the black market.
When Praedo’s analysts first spotted the app on the Play Store, it had more than 100,000 downloads, and was still available for download. Google does now seem to have removed it in the meantime, as the message on the link now says “We’re sorry, the requested URL was not found on this server.”
Micro apps, with limited functionality, that also carry malware or infostealers are quite popular among threat actors, as they allow them to bypass Google’s automated security gateways. Besides photo editors, QR code and barcode scanners are popular features that are often abused.
Google’s Play Store is perceived as a secure app repository, and people often lower their guard when downloading apps from that source. Security experts are warning that despite the source, users should be wary when downloading apps, double-checking app reviews other potential red flags.
“Craftsart Cartoon Photo Tools”, for example, has had an average score of 1.7, and hundreds of negative comments.
More Stories
Western Digital customers urged to update to latest version of My Cloud OS
Western Digital has pushed a new firmware update for its My Cloud OS, fixing a high- severity vulnerability that was...
Microsoft Azure developers targeted with flood of malicious npm packages
More than 200 malicious npm packages were recently removed from the npm registry, security experts have confirmed. The goal of...
Mozilla adds new paid tier for its developer network
Mozilla has launched a new paid subscription service to further support the development of its Mozilla Developer Network (MDN). While developers already...
The Web Foundation wants to kill malicious websites for good
While the web is a wonderful thing, there are those who want to take advantage of users through deceptive design...
Microsoft fixes cause of Windows 10 blue screen of death
If Bluetooth used to cause your Windows 10 computer to crash and greet you with the dreaded Blue Screen of Death (BSOD),...
This Microsoft Teams update will help you make an impact in your next meeting
Microsoft is preparing an update for collaboration platform Teams that should help users maximize the impact of their presentations. As explained in...
Average Rating