Facebook warning as malicious Android app steals login details of over 100,000 users

A MALICIOUS Android app has been stealing thousands of smartphone owners' personal data.

Cybersecurity experts are warning Facebook users to remain alert after they uncovered a harmful Android app on the Google Play Store that steals login credentials, according to a new Laptop Mag report.

Access to a user's Facebook account can allow hackers to breach data such as credit card details, conversations, and search history.

French cybersecurity company Pradeo was the first to detect the malware, which is called "Craftsart Cartoon Photo Tools".

The malicious software purports itself as a photo-editing tool but in actuality deploys an Android trojan known as "Facestealer" to gain access to Facebook credentials.

In short, the fraudulent app displays a Facebook login page upon its launch that requires the user to enter their username and password.

Read more on Android

WhatsApp spotted working on new emoji reaction feature for Android users

Once a user does this, their credentials are then instantly copied and transmitted to the hackers.

If a person does not enter their login, the photo app cannot be used and their information stays safe.

Pradeo says that the software is embedded with a small piece of code that was able to bypass Google Store's security.

At present, more than 100,000 users have the app installed onto their devices.

Most read in Tech


Nasa says 'close approach' of asteroid traveling 30,000mph happened on Thursday


Closest photo of the Sun EVER taken reveals incredible secret


Aldi is now selling Apple AirPods for just £99 in shockingly rare deal


Never open iMessage or WhatsApp text from 'friend' that with these four words

However, following a report by Pradeo, the malware has been removed from the Google Play Store, preventing further downloads.

The cybersecurity company noted that the malicious software is connected to a Russian server.

"The application Craftsart Cartoon Photo Tools makes connections to a domain registered in Russia," cybersecurity researcher Roxane Suau said.

"Our research shows that this domain has been used for 7 years on and off, and is connected to multiple malicious mobile applications that were at some points available on Google Play and later deleted."

Read More on The US Sun

Kim fans think star underwent ‘boob job’ after showing off breasts in bra

Suau continued: "To maintain a presence on Google Play, repackaging mobile apps is common practice for cybercriminals. Sometimes, we even observed cases in which repackaging was entirely automated."

Experts advise anyone who has the app downloaded on their device to immediately remove it.

We pay for your stories!

Do you have a story for The US Sun team?

Email us at [email protected] or call 212 416 4552.

Like us on Facebook at www.facebook.com/TheSunUS and follow us from our main Twitter account at @TheSunUS

    Source: Read Full Article