Malware pencuri kata sandi menginfeksi lebih dari 100,000 pengguna melalui Google Play Store

Helga SmithBerbaris 22, 2022Terakhir Diperbarui: Berbaris 23, 2022
19 1 menit dibaca

Security specialists from Pradeo discovered password-stealing malware in the official Google Play Store app store.

The malware masquerades as the Craftsart Cartoon Photo Tools app and has been installed over 100,000 times.

Password-stealing malware

The dangerous app prompted users to upload their photos and other images in order to visually stylize them with cartoonish graphics. nyatanya, Craftsart Cartoon Photo Tools contains the FaceStealer trojan, which displays the Facebook login screen and requires users to log into an account before they can start.

Android/Trojan.Spy.Facestealer shows the use of an affected system screens that ask for the user’s input and finally the user is shown the Facebook login page and asks to log in. It is supposed that at this point injected malicious javascript steals the login credentials and sends them to a Command & Control server.experts from Malverbytes.Labs talk about the malware.

If the user does not notice the trick and indeed enters his username and password, the application sends them to the attackerscontrol server at zutuu[.]info (VirusTotal). Selain itu, the malware binds to a URL at www.dozenorms[.]club (VirusTotal), where it sends additional data about the system. This address has already been used for other malicious applications containing FaceStealer.

Password-stealing malware

After entering the Facebook credentials, nothing interesting happens: the application simply uploads the custom image to the color.photofuneditor.com online editor, which applies the desired graphic filter to it. The result will be displayed in the application, and it can be downloaded or sent to friends.

Berdasarkan Pradeo analysts, the author of the app seems to have automated the repackaging process and injected only a small piece of malicious code into a legitimate app. These tricks helped him to bypass the Google Play Store verification process.

The researchers warn that while Craftsart Cartoon Photo Tools is still available in the app store, they advise users to pay attention to the reviews of other users before downloading. Anyway, the malware has only 1.7 stars out of five possible, and in the reviews, many warn that the application has limited functionality and requires login via Facebook.

Let me remind you that we wrote that TeaBot Malware Infiltrates Google Play Store Again, and also that Experts discovered Xenomorph malware in the Google Play Store.

Tag
Helga SmithBerbaris 22, 2022Terakhir Diperbarui: Berbaris 23, 2022
19 1 menit dibaca

Helga Smith

Saya selalu tertarik pada ilmu komputer, terutama keamanan data dan tema, yang disebut saat ini "ilmu data", sejak remaja awal saya. Sebelum masuk ke tim Penghapusan Virus sebagai Pemimpin Redaksi, Saya bekerja sebagai pakar keamanan siber di beberapa perusahaan, termasuk salah satu kontraktor Amazon. Pengalaman lain: Yang saya dapatkan adalah mengajar di universitas Arden dan Reading.

Tinggalkan Balasan

Situs ini menggunakan Akismet untuk mengurangi spam. Pelajari bagaimana data komentar Anda diproses.

Tombol kembali ke atas