An Android application found in the Google Play Store states that it is a photo editing application. However, it does contain code that steals Facebook credentials for potentially running ad campaigns on behalf of the user, with their payment details.
The application is called "Blender Photo Editor-Easy Photo Background Editor" and has been installed over 5.000 times to date.
Last week, similar malware with more than 500.000 installations was found again in the Play Store.
"Log in" with Facebook does much more than just connect
Like many Android apps, the "Blender Photo Editor-Easy Photo Background Editor" app comes with Facebook login. Apart from that, he also uses your Facebook credentials to do various other things.
Tatyana Shishkova, an Android malware analyst at Kaspersky, discovered the "trojan" app this week, which is still available on the Google Play store.
The application contains malicious code, identical to that found in similar "photo editing" applications last week by Maxime Ingrao, security researcher at payment cybersecurity company Evina.
The applications then submit requests to the Facebook Graph API to take a look at the user's Facebook account and search for ad campaigns and saved payment information.
Malware, according to Ingrao, "is very interested in the advertising campaigns you may have done and if you have a registered credit card." This will allow the attacker behind these applications to create their own advertising campaigns via the user's Facebook credentials and linked payment information.
Android users should be wary of such "photo editing" applications that have recently appeared in the Google Play Store. Those who have already installed any such application should immediately uninstall the application, clean their smartphone and restore their Facebook credentials.
Source of information: bleepingcomputer.com