"100,000 Google Play Users Infected With Android Password-Stealing Malware"

A malicious Android app has been downloaded more than 100,000 times from the Google Play Store. The Android password-stealing malware called FaceStealer is disguised as a cartoonifier app, Craftsart Cartoon Photo Tools. According to security experts and the mobile security firm Pradeo, FaceStealer displays a Facebook login page and demands the user to register before accessing the program. When users submit their credentials, the app sends them to a command-and-control (C2) server, where the attackers then gather the information. The malicious Android application will also connect to a website that has previously been used for advertising other malicious FaceStealer Android apps. The creator and distributor of these apps appear to have automated the repackaging process and injected malicious code inside an otherwise legal application, thus allowing the apps to pass the Play Store screening process without being flagged. The user does not see any functionality when they open the app unless they sign in to their Facebook account. Pradeo has contacted Google about the Craftsart Cartoon Photo Tools app so that it could be removed. Those who have downloaded the app on their devices should uninstall it as soon as possible, reset their Facebook account password, and enable two-factor authentication for an extra layer of security. This article continues to discuss the infection of over 100,000 Google Play users with the FaceStealer Android password-stealing malware. 

CyberIntelMag reports "100,000 Google Play Users Infected With Android Password-Stealer"