There’s a fresh Android warning out this week and all users would be wise to check their most recent downloads from the Google Play. Security experts from Pradeo have discovered a sinister bug that has the ability to steal Facebook credentials which can then give hackers full access to accounts, private conversations and even credit card details.
The app that’s spreading the Facestealer Android trojan has now been banned by Google but not before it amassed over 100,000 downloads.
Called Craftsart Cartoon Photo Tools, the application promised to offer over 95 filters that made snaps shot on smartphone cameras look like fun hand-drawn cartoons.
However, once installed the only way to use it was to enter Facebook login details which were then hijacked and sent to a server in Russia.
As Pradeo explains, “Facebook credentials are used by cybercriminals to compromise accounts in multiple ways, the most common being to commit financial fraud, send phishing links and spread fake news.”
Google takes this type of threat extremely seriously and, once alerted to the threat, the tech giant removed the app from its Play Store with it getting banned on March 22, 2022.
However, if you are one of the thousands who had already installed it then you must remove it immediately.
If you think you entered your Facebook credentials via the app it’s also a good idea to change your password without delay as this will stop any more malicious activity on your account and stop any hackers from continuing to gain access.
How do you change or reset your Facebook password?
• In the top left of Facebook, tap your profile picture.
• Scroll down and tap Settings, then tap Password and Security.
• Tap Change password.
• Type your current and new password and re-type new password, then tap Save Changes.
Attacks on Android have been growing again in recent months with security experts warning attacks have jumped by up to 500 percent in recent months.
The expert team at Proofpoint recently published an in-depth report about the latest attacks and it makes for some terrifying reading if you have an Android smartphone shoved in your pocket.
Perhaps the most concerning are the latest FluBot and TeaBot bugs which are both capable of stealing user names and passwords which can then be used to access bank accounts.
“Most mobile malware is still downloaded from app stores but over the past year or so, we’ve seen an increase in campaigns that use SMS/mobile messaging as their delivery mechanism,” Proofpoint explained in its blog post. “For better or worse, Android takes a more open approach. The platform is open to multiple app stores. And users can easily sideload apps from anywhere on the internet. It’s this last feature that makes the platform popular with bad actors, who know that Android phones can be compromised in just a few steps.”
Published at Sat, 26 Mar 2022 07:12:00 +0000