{"id":186380,"date":"2022-03-22T11:23:21","date_gmt":"2022-03-22T10:23:21","guid":{"rendered":"http:\/\/sftarticles.wpenginepowered.com\/en\/?p=186380"},"modified":"2025-07-01T20:52:26","modified_gmt":"2025-07-02T03:52:26","slug":"malicious-app-stealing-google-play-users-credentials","status":"publish","type":"post","link":"https:\/\/cms-articles.softonic.io\/en\/malicious-app-stealing-google-play-users-credentials\/","title":{"rendered":"Warning about malicious app that\u2019s stealing Google Play users\u2019 credentials"},"content":{"rendered":"\n

A malicious Android app<\/strong> has been discovered on the Google Play<\/a> Store. The app has already been downloaded 100 000 times, and despite warnings that this is a malicious app that steals users\u2019 passwords and other credentials, it\u2019s still available on the store.<\/p>\n\n\n\n

This app is disguised as a cartoonify app<\/strong>, following the popular trend of users wanting to change photos and images into cartoons. The app is called \u2018Craftsart Cartoon Photo Tools\u2019 and allows Android users to upload photos and then convert them to a cartoon version.\u00a0<\/p>\n\n\n\n

The security researchers<\/strong> at Pradeo, a highly respected mobile security firm, discovered a trojan on the app called \u2018FaceStealer.\u2019 This trojan displays a Facebook login screen, and users are forced to sign in before being able to use the app. <\/p>\n\n\n\n

According to another Jamf security researcher, Michal Raj\u010dan, once the users enter their credentials on this fake Facebook login page<\/strong>, the app sends them to a command and control server where the attackers can then collect the data<\/strong>.<\/p>\n\n\n\n

Pradeo explains that the developers or creators of the app have automated the repacking of the app <\/strong>and inserted a small piece of malicious code into an otherwise legitimate app. This small piece of code is difficult to spot, which is probably why it\u2019s taking Google so long to remove the harmful app from the Play Store.<\/p>\n\n\n\n

Since users are so bombarded with login requests<\/strong>, especially when opening new apps, we\u2019ve become desensitized, and often we don\u2019t even think twice before logging in. However, it\u2019s important to be cautious when apps start requesting sensitive information and biometrics.<\/p>\n\n\n\n

Pradeo and other security firms have notified Google of the problem with this app, so it should be taken off the Play Store <\/strong>soon. However, if you\u2019re one of the innocent bystanders who downloaded the app, uninstall it and reset your Facebook account. It\u2019s also not bad to enable two-factor authentication for added protection. Also, be sure to watch out for the SharkBot banking malware discovered in Google Play apps<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

A malicious Android app has been discovered on the Google Play Store. The app has already been downloaded 100 000 times, and despite warnings that this is a malicious app that steals users\u2019 passwords and other credentials, it\u2019s still available on the store. This app is disguised as a cartoonify app, following the popular trend … Continue reading “Warning about malicious app that\u2019s stealing Google Play users\u2019 credentials”<\/span><\/a><\/p>\n","protected":false},"author":9221,"featured_media":186385,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","wpcf-pageviews":0},"categories":[1015],"tags":[2421],"usertag":[],"vertical":[],"content-category":[],"class_list":["post-186380","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-app-subdomain-redirectiongoogle-play-store"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/186380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/users\/9221"}],"replies":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/comments?post=186380"}],"version-history":[{"count":1,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/186380\/revisions"}],"predecessor-version":[{"id":324211,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/posts\/186380\/revisions\/324211"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media\/186385"}],"wp:attachment":[{"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/media?parent=186380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/categories?post=186380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/tags?post=186380"},{"taxonomy":"usertag","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/usertag?post=186380"},{"taxonomy":"vertical","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/vertical?post=186380"},{"taxonomy":"content-category","embeddable":true,"href":"https:\/\/cms-articles.softonic.io\/en\/wp-json\/wp\/v2\/content-category?post=186380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}