Malicious Android App Infects 100,000

Have you ever downloaded a fun app to your phone that allows you to edit your photo into an avatar, meme, or possibly a cartoon? If so, you probably didn’t even think twice about it. Many of us trust that the Apple Store or Google Play Store has vetted all of the apps for sale and trust that they are safe. Unfortunately, that is not the case, and recently there was an app on the Google Play store that installed malware and stole over 100,000 users’ Facebook passwords. Were you a victim?

This app provided some functionality, so it appeared to be a legitimate application. This allowed it to sneak into the Google Play store. The application’s “selling purpose” was to turn your photo into a cartoon rendering. In order to do this, the user was required to upload a photo of themselves and also log in to Facebook. Unfortunately, this is not an unusual request, and so at least 100,000 users followed suit. Now, the developer has a photo and log-in credentials saved from these users.

How do you avoid downloading malicious applications? We have to learn to do our own due diligence. There were many signs that this app was not what it claimed to be, although users needed to do more than just click download to notice them. To begin, we should all be wary anytime an application requests a photo and, more importantly, requires you to log in to an external application. That should be your first red flag. Next, the reviews for this application were not favorable. It only had 1.7 stars out of 5, and still, at least 100,000 users downloaded it. Finally, the developer’s name was “Google Commerce Ltd,” indicating it was developed by Google, although the email address associated with the developer was Susnnaooysh @ This specific application’s name was “Craftsart Cartoon Photo Tools.” If you fell victim, don’t feel bad, although you do need to delete it and be sure to change your Facebook password, as well as the password for any other applications that use the same password. That password is officially compromised.

This malicious app has since been taken down, although it caused a great deal of damage, and I can guarantee that this is not the only one. It is critical to question any applications, emails, and phone calls that request credentials. If you ever question any request, trust your gut and dig deeper. In addition, always reach out to your Pendello Solutions team with any cyber security concerns. It is always better to catch something earlier rather than later.