Android app with over 1 lakh installs is stealing your Facebook credentials, delete it now


It won’t be wrong to say that Apple’s App Store policies for developers are much stronger than those of the Google Play Store. Time and again, there have been reports about new malware/trojans in the form of authentic-looking apps, installed by hundreds and thousands of Android users. A new report from Pradeo suggests that a cartoonifier app, installed by 1,00,000 users, was stealing Facebook credentials.
The app that goes by the name ‘Craftsart Cartoon Photo Tools’ is no longer available for download. A Google spokesperson informed Bleeping Computer that the so-called malicious app has been delisted from the Play Store. However, users who still have the app installed on their smartphones should immediately delete it.

The app in question lets users upload a photo and convert it into a cartoon rendering. Security researchers and mobile security firm Pradeo discovered a trojan called FaceStealer within the cartoonifier app. The trojan reportedly displayed a Facebook login screen that required users to log in before getting to the homepage of the app.

It is said that, as soon as users enter their credentials, the app sends them to a command and control server at zutuu[.]info, where the scammers can later collect them. The report further noted that developers and distributors of such apps oftentimes automate the repackaging process and inject a tiny piece of malicious code into an otherwise legitimate app. This process allows the app to bypass the Google Play Store’s policies without raising any red flags.

To use the app, users are first required to enter their Facebook credentials. The app then provides access to limited features, like uploading a photo to turn it into a graphic. It also allows users to download or share the graphic image with friends.

Smartphone users, especially the ones using an Android device, should be extra cautious when installing such apps on their devices. More so, they should be careful about installing apps that ask for sensitive information like biometric data.

Tips to consider before downloading an app
- Users should check and verify the app developer before installing an application.

- It is also a good idea to check reviews and ratings. Malware-infected apps often have bad reviews. You should avoid installing such apps.

- Never share your personal information like name, phone number, address, biometrics, and more with any spurious applications.

- Avoid installing apps that ask for access to microphones, contacts, or other data stored on your device.

- Always install verified apps from a reliable app store, such as the Google Play Store or Apple App Store.
