Android app with malicious code steals Facebook credentials

An Android application found in the Google Play Store presents itself as a photo editing application. However, it contains code that steals Facebook credentials, potentially to run ad campaigns on behalf of the user with their payment details.



The application is called "Blender Photo Editor-Easy Photo Background Editor" and has been installed over 5,000 times to date.

Last week, similar malware with more than 500,000 installations was again found in the Play Store.

"Log in" with Facebook does much more than just connect

Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with Facebook login. Apart from that, it also uses your Facebook credentials to do various other things.

Tatyana Shishkova, an Android malware analyst at Kaspersky, this week discovered the "trojan" app, which is still available on the Google Play store.


The application contains malicious code, identical to that found in similar "photo editing" applications last week by Maxime Ingrao, security researcher at payment cybersecurity company Evina.

These Android apps require users to sign in through their Facebook account to access the app, but then collect the credentials via encrypted JavaScript commands that are hidden within the application.

The applications then submit requests to the Facebook Graph API to take a look at the user's Facebook account and search for ad campaigns and saved payment information.

The malware, according to Ingrao, "is very interested in the advertising campaigns you may have done and if you have a registered credit card." This allows the attacker behind these applications to create their own advertising campaigns using the user's Facebook credentials and linked payment information.


Android users should be wary of such "photo editing" applications that have recently appeared in the Google Play Store. Those who have already installed any such application should immediately uninstall it, clean their smartphone and reset their Facebook credentials.

Source of information:

Teo Ehc