100,000 Facebook login credentials stolen by photo editing app
Spyware is the bane of mobile device users. The appearance of malware on a smartphone is often difficult to detect, and the capabilities that these dangerous programs possess are expanding. Unwitting users of an innocent-looking app can share information about their credit card numbers, bank account logins and passwords, details of conversations with loved ones, or search history. The recipients of this sensitive data are, of course, cybercriminals who use it in a number of ways.
Innocent looking apps can be very dangerous
Spyware apps usually have two strengths. Firstly, they look harmless, secondly, they can be downloaded from the official Google Play stores for Android and App Store for iOS.
There is no shortage of bona fide users who want to download apps to improve their security, find out about VPNs what an app is, or install antivirus software. An app with a VPN virtual private network service may look like an official program from a reputable company, but only be an overlay for software that provides protection and contain malware. Fake VPN application available e.g. in Google Play is imitated by a trojan of a legitimate application already published in the official store. Before pressing the “Download” button, it is advisable to read the app’s review and avoid free apps by opting for proven premium apps.
There is also no shortage of programs that look like dating apps and, using psychological tricks – building a relationship with the victim, persuade users to make transfers or share their bank details. For this illegal operation to succeed, cybercriminals collect as much data about their victim as possible to inspire trust and convince them to make a transfer.
The case of Craftsart Cartoon Photo Tools
One of the most insidious apps, which was not only widely available on Google Play, but also operated as a legitimate photo editing app, was Craftsart Cartoon Photo Tools, which could turn your photo into an eye-catching drawing in just a few moments. Encouraging and eye-pleasing photo makeover effect and high popularity among social media users, including Facebook, made more than 100,000 users decide to install it on their phone.
After a thorough analysis of the app’s code by cybersecurity firm Pradeo, it was discovered that the app not only steals Facebook login credentials, but also connects to servers located in Russia, contains a trojan called Facestealer, and has a piece of code that is not visible to Google Play store security. The moment a user logs into an app with his or her Facebook credentials, they are immediately passed on to hackers. Currently, the app is no longer available on Google Play.
Transfers money without user’s knowledge
Hackers are getting more inventive, and researchers ds. Cyber security researchers regularly discover new ways for them to intercept sensitive smartphone user data. An extremely dangerous malware is SharkBot, which features automatic data transfer system, automatic filling of fields e.g. in mobile banking apps and initiate money transfers from attacked devices without the user knowing or having to confirm the transaction.
To make this possible, as soon as the infected app is installed, SharkBot immediately tries to enable the accessibility service of the Android device using fake pop-ups. The infected device will keep displaying fake pop-ups until the user accepts them. SharkBot was also shown to have a very low detection rate.
Consequences of leaking sensitive data
Trojans hiding in mobile applications act quickly, invisibly and painfully. First of all, they steal all the user data they can get – from logins and passwords to social media accounts, e-mail addresses and phone numbers of friends, IP addresses, conversation history, up to bank account data and credit card numbers.
Once hackers gain access to this data, it can have serious consequences for you. Cybercriminals may use Facebook login details to send phishing links, share fake news or commit financial fraud, e.g. through scams.
How to protect yourself from malicious applications?
Can mobile device users protect themselves from spyware that looks like an innocent and safe app at first glance? Above all, every smartphone owner should take matters into their own hands and apply the criterion of limited trust to every new application they want to install on their phone.
It is worth starting by reading reviews of each application, because already at the stage of comments from other users may appear hints about the reliability of the program. It is the people using the application who are able to raise the alarm and question the need to log into their social media accounts or bank accounts in order to run the application.