This Android Malware Promised Cartoon Filters - Then Stole Hundreds Of Thousands Of Facebook Logins
Android users are, unfortunately, no stranger to the Google Play store hosting malicious software — and the latest piece of compromising software discovered by Pradeo doesn't break this tradition. According to Pradeo, the app in question, called "Craftsart Cartoon Photo Tools," was removed from Google Play on March 22, but was already downloaded and installed more than 100,000 times since it was released and could still be available to download via third-party application stores. This malware, dubbed "Facestealer," connects to a seven year-old web domain registered in Russia that itself has been used multiple times for other harmful apps that were previously uploaded to Google Play.
Pradeo strongly recommends deleting the app immediately if you have it installed on your Android device, or avoiding it entirely if you haven't downloaded it. And as a reminder, it's always worth taking the time to examine an app's details before installing it — especially if it's from an unfamiliar company.
What Facestealer does
As soon as "Craftsart Cartoon Photo Tools" is opened it requires a Facebook login, and you won't be able to access the app unless you enter your info. However, when you do so your account name and password details are transmitted to those responsible for the malware. Those credentials are then used to access your Facebook account, which can lead to a whole lot of other problems. Having full access to your Facebook account gives Facestealer's creators free reign to go over every bit of information tied to it: search history, conversations, friends lists, photos, videos, and possibly even credit card information (if you've stored it). This is, of course, in addition to the other kinds of activity you'd expect from a hacked Facebook account like sending phishing links to friends and family, committing financial fraud, and helping to spread false information around the platform.
If your Facebook account has been compromised by Facestealer (or other forms of malware or even the platform's own security flaws), you should still be able to recover it and regain access. However, it might also be worth considering the option to cut your losses and delete Facebook altogether instead.