أصيبت البرامج الضارة لسرقة كلمة المرور بأكثر من 100,000 المستخدمين عبر متجر Google Play

Security specialists from Pradeo discovered password-stealing malware in the official Google Play Store app store.

The malware masquerades as the Craftsart Cartoon Photo Tools app and has been installed over 100,000 مرات.

The dangerous app prompted users to upload their photos and other images in order to visually stylize them with cartoonish graphics. في الحقيقة, Craftsart Cartoon Photo Tools contains the FaceStealer trojan, which displays the Facebook login screen and requires users to log into an account before they can start.

If the user does not notice the trick and indeed enters his username and password, the application sends them to the attackers’ control server at zutuu[.]معلومات (فيروس توتال). فضلاً عن ذلك, the malware binds to a URL at www.dozenorms[.]club (فيروس توتال), where it sends additional data about the system. This address has already been used for other malicious applications containing FaceStealer.

After entering the Facebook credentials, nothing interesting happens: the application simply uploads the custom image to the color.photofuneditor.com online editor, which applies the desired graphic filter to it. The result will be displayed in the application, and it can be downloaded or sent to friends.

وفق Pradeo المحللين, the author of the app seems to have automated the repackaging process and injected only a small piece of malicious code into a legitimate app. These tricks helped him to bypass the جوجل Play Store verification process.

Let me remind you that we wrote that TeaBot Malware Infiltrates Google Play Store Again, and also that اكتشف الخبراء زينومورف البرمجيات الخبيثة في متجر Google Play.