100,000+ Mobile Downloaders Duped – Facestealer App Hijacks FB Credentials

Published: May 30, 2022 on our newsletter Security Fraud News & Alerts Newsletter.



In a world where cybercrime seems unavoidable, opportunities for becoming the next victim are growing exponentially. Some hackers have success infecting their victims with malware by installing malicious apps on both official Google and Apple App stores. In this case, one such app named Craftsart Cartoon Photo Tools snuck its way onto Google Play Store. Dubbed Facestealer the malware bypassed the Store’s anti-malware efforts and was downloaded onto more than 100,000 Android mobile devices.


Google Play removed the app immediately after being notified of the malware connection. But it wasn’t before over 100,000 users downloaded the hidden spyware, including from third-party app stores. In reality, Facestealer is a spyware that steals a victim’s Facebook (FB) credentials. Also disturbing, Facestealer sends the hijacked FB credentials to a domain registered in Russia.



No one knows just how many more unknowing victims there are out there. One thing is for sure, they’re not aware their mobile device holds a ticking “spyware time bomb” hiding in an app. Users who installed Craftsart Cartoon Photo Tools on their mobile device should delete it immediately.


What Facestealer Steals


Those caught in the Facestealer web are users who open the Craftsart app to have cartoon fun with their photos. Instead, they receive a message saying the user must login to FB to use the app. Unaware it’s a fake, duplicate FB login page, users comply and sign in. From that moment on, FB login data is stolen along with the FB account and all its contents.


Some of that hijacked data includes PII like credit card numbers from purchases made on FB, address, relationships, where you work, where you live, searches you’ve made on FB, and content you’ve shared with others. In the wrong hands, your FB data sets up account compromise, financial fraud, and socially engineered spear phishing attacks targeting the victims contacts and friends.


What You Can Do


This Facestealer hack shows two red flags to be aware of when downloading an app. The first is always read app reviews before downloading. Many of the Craftsart Cartoon Photo Tools reviews had only one star, with others claiming it was some type of scam. Also, be aware of requests to access information and make sure it makes sense to approve. For example, should a cartoon photo editing app require you log-into your FB account to use it? It’s much safer to use a separate login and password for each app, website, or account. In fact, as of May 31, 2022, Google will prevent users from using their Google account to login to third-party apps and sites, unless those sites meet their stricter login policies, for example requiring multi-factor authentication. Remember, when choosing an app to download, choose common sense first.

Keep up to date: Sign up for our Fraud alerts and Updates newsletter

Want to schedule a conversation? Please email us at advisor@nadicent.com

3 views0 comments