An app on the Google Play Store has allegedly infected around 100,000 users, stealing sensitive information such as their Facebook credentials.
According to Pradeo, a well-known Android application named “Craftsart Cartoon photo tools” is reportedly infected with a Trojan horse. For readers unfamiliar with the term, a Trojan horse is malicious software or code that tricks users, leads to loss of data, and can even cause severe damage to the user’s network and device.
In recent days, the app has gained popularity on the Google Play Store for its feature that converts human faces into paintings or cartoons. Many people were delighted to see their animated faces and used the app, unaware that it contains a small segment of harmful code. That code slips past the Google Play Store’s security screening without raising any red flags, so the app appears safe to use.
Once the user opens the malicious app, it asks them to log in to their Facebook account before they can use the actual features. This is when the Trojan becomes active: it captures the login details and also collects sensitive information such as the user’s facial images. After collecting these details, the Trojan sends the information to a command and control (C2) server, from which the attackers can retrieve it.
The cartoonifier application is reportedly linked to a Russian server. According to some researchers, this server has been used from time to time over the past seven years and is associated with many apps on the Google Play Store that were later removed.
The developer of the application is listed as “Google Commerce Ltd”, which suggests that the application is made by Google. However, the contact details provided consist of a random email address, which is a major red flag.
Unfortunately, nothing can be done to undo the loss that has already occurred, but for future safety, users should not install any app on their devices without thoroughly researching it. For example, the reviews given by users for this particular app are quite negative, and its total score is only 1.7 out of five stars. People who have installed this app should immediately uninstall it and reset the passwords on their Facebook accounts. Additionally, users should enable two-factor authentication for added security.