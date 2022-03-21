Craftsart Cartoon Photo Tools is not who it claims to be, so be careful with those applications that as soon as you open them ask you to connect to your social networks or other services.

It seems that the malware has rebounded quite a bit in recent times, surely with the convulsive situation that exists globally as an explanation and with the Internet as a very important point of attack and/or disinformation, which has led us to see malicious applications such as Escobar and RedLine, capable of bypass two-step verification and even hide in YouTube videos.

Today we have another one of these Dangerous applications that appear cyclically on Google Playand the fact is that Pradeo’s colleagues have discovered that an a priori completely harmless application like Craftsart Cartoon Photo Tools, really hides inside a spyware named Facestealer who is capable of stealing us facebook credentials in a simple and almost transparent way for us.

We are not talking about a minor problem, because the truth is that Craftsart Cartoon Photo Tools currently has over 100,000 downloads on Google Playand a simple trick in its interface that involves using social engineering techniques to obtain our Facebook credentials, then establishing connections to a Russian server to send the obtained data.

So that you can identify it correctly, app data on Google Play are the following:

According to the discoverers themselves, the good part is that Google is already notified of the casebut the bad news is that probably of these 100,000 users a huge percentage has been hacked without realizing it, and others still will be in these hours or days it may take for Mountain View to remove the store app. At this time, obviously, it’s still available…

That’s how it works facestealerand this is how cybercriminals collect your data

The truth is that Craftsart Cartoon Photo Tools could at first go through any another harmless photo retouch app with which you can later quickly share your photos on social networksand the reality is that it will be easy for you to be deceived by the way the app works.

And it is that once installed, when you start Craftsart Cartoon Photo Tools we open a Facebook login page that is not suchbut that effectively mimics the window login of the popular Menlo Park social network. This home page is where a code has been entered that goes unnoticed by the protections of Google Play and other app stores, and this code is responsible for collecting our credentials.

Once achieved, the malware connects to Russian servers and sends the datagaining full access to users’ Facebook accounts hacked, including personal detailsphysical addresses, conversations, searches, photographs and even credit cards and other information contained in the social network.

as you will see it’s quite easy to fall for the deceptionbecause Craftsart Cartoon Photo Tools does not work if we do not enter the Facebook credentials, and certainly the page of login false is quite similar which any average user untrained in security techniques would expect. hacking.

According to Pradeo experts this remote domain registered in Russia has been used in the last 7 years intermittentlyand has been connected to multiple mobile applications, all of them malicious and that they ended up being removed from Google Play and other stores.

Cybercriminals end up using victims’ data to commit financial fraud offenses if they have credit cards or other data on Facebook, or also to send links of phishing or spread fake news in a much faster way.

So that, be careful with the applications to which you give your credentials from other servicesand above all, pay attention to the fact that the pages of login be the official ones. It is not easy to see the differences but they always exist, and also these groups of cybercriminals they tend to repackage apps quickly once deleted to continue with their activities.

And urgently, if you have installed Craftsart Cartoon Photo Tools, you must remove it as soon as possible from your smartphones and change the Facebook password as soon as possible… Run, fools!

