Fake android app fraudulently helps harvests Facebook credentials


According to a research conducted by a French security firm Pradeo, an app having over 100,000 downloads on Google Playstore was fraudulently involved in harvesting Facebook credentials without the knowledge of the device owner.

The app named ‘Craftsart Cartoon Photo Tools’ was meant to enhance the pictures taken from the mobile and was supposed to transform them into beautiful paintings and animated cartoons.

Wonder how well did it act as per the official claims on the play store? But was found embedding an Android Trojan Malware known as “FaceStealer” into the downloaded machine and was seen harvesting their Facebook credentials through a fake web page.

Pradeo security researchers argue the app was notorious as it was duping victims in the name of a photo editing app and instead injecting a malware code.

On request from Pradeo, the app was removed from the Google Playstore and the developer was banned and asked to contact the technical team of the Alphabet Inc’s subsidiary as they were unaware of the fact that their app was being used as a malware harvester.

In December last year, the same company issued an alert to the world about Joker Malware being distributed through legitimate apps. The malware was seen pushing users into ad frauds and was seen seeking premium mobile services, without the knowledge of the user.

Internet Juggernaut Google is asking its android users not to download apps from internet or illegitimate resources as their device could fall prey to hackers and mobile ransomware gangs.


Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display