Facestealer, a dangerous spyware, is back on the Google Play Store. Detected by Trend Micro researchers, the malware managed to infect 200 apps available on Google Play by bypassing security measures.
Facestealer is focused on extracting the data of the Android users it affects. The spyware can steal your Facebook credentials and other data.
Facestealer was first identified in July 2021. The virus made a second notable appearance on the Play Store last March. The spyware is designed to steal Facebook credentials and transmit them to servers located abroad, in particular in Russia. Specifically, hackers seek to take control of the Facebook account of their victims.
Trend Micro does not publish the full list of infected apps on the Play Store. As Trend Micro reports, some of the apps they found have been installed over 100,000 times. The report notes that Facestealer-infected apps often look like photo editing, processing, or sharing tools but can also take other forms. For example, researchers talk about Daily Fitness OL, which is advertised as a fitness app with exercises and video tutorials.
This fake fitness app prompts users to log in to Facebook through the built-in browser, and then a JavaScript code is “injected into the loaded page to steal the credentials entered by the user.”
Other applications affected by this virus include Enjoy Photo Editor, Panorama Camera, Photo Gaming Puzzle, Swarm Photo, and Business Meta Manager. According to TrendMicro, 42 of the 200 infected apps fall under the VPN category, 20 are camera apps, and 13 are photo editing apps, while the rest serve other unspecified functions.
Google teams have already removed all of these apps from the Play Store.
