2022-03-22
App first presents screen with Facebook login prompt which redirects to real Facebook login page https://twitter.com/...
BleepingComputer
A malicious cartoon rendering Android app that steals Facebook credentials was installed 100K+ times before it was removed from the Google Play Store
A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.
When credentials are used, app contacts C2 and sends encrypted data in requests' body Field “fn” then contains credentials https://twitter.com/...
BleepingComputer
A malicious cartoon rendering Android app that steals Facebook credentials was installed 100K+ times before it was removed from the Google Play Store
A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.
Facebook credentials stealer in Google Play Store @GooglePlay Package name: com.craftstoon.cartoonphoto 100,000+ installs C&C: zatuu[.]info contacted suspicious site: dozenorms[.]club
BleepingComputer
A malicious cartoon rendering Android app that steals Facebook credentials was installed 100K+ times before it was removed from the Google Play Store
A malicious Android app that steals Facebook credentials has been installed over 100,000 times via the Google Play Store, with the app still available to download.