Researchers recently observed that a number of applications in the Google Play Store are malicious to the user. Their malicious activities include stealing credentials and private information, such as the private keys of users' cryptocurrency wallets.
These applications are known as Facestealer spyware, which steals Facebook credentials from users through fake applications in the Google Play Store.
The stolen information is later used to compromise Facebook accounts for activities such as phishing scams, ad bots and more.
Facestealer changes its code frequently, creating more variants. Since its discovery, it has been a persistent problem for the Google Play Store.
Of the 200 fake applications, 42 are VPN services, 20 are camera applications and 13 are photo-editing applications. Along with harvesting credentials, the apps are also designed to steal Facebook cookies and personally identifiable information associated with a victim's account.
Also, Trend Micro disclosed that it uncovered over 40 rogue cryptocurrency miner apps that target users interested in virtual coins with malware designed to trick users into watching ads and paying for subscription services.
It also disclosed information about a few of the malicious applications that were involved and studied during its research.
Its investigation further revealed that most of these fraudulent crypto mining applications were developed using Kodular, a free online suite used for mobile application development.
SUGGESTIONS
These fake apps impersonate simple, genuine applications such as virtual private networks, cameras, picture-editing applications and even fitness applications, to tempt users into installing them on their devices.
They can be avoided by checking their reviews, especially the negative ones, to see if there are any unusual concerns or experiences from actual users who have downloaded the apps.
Users should steer clear of downloading apps from third-party sources, since these are where many malicious actors host their fraudulent apps.
INDICATORS OF COMPROMISE
FACESTEALER
SHA-256 | Package name | Detection name | Download count before being taken down |
7ea4757b71680797cbce66a8ec922484fc25f87814cc4f811e70ceb723bfd0fc | com.olfitness.android | AndroidOS_FaceStealer.HRXH | 10,000+ |
b7fe6ec868fedaf37791cf7f1fc1656b4df7cd511b634850b890b333a9b81b9d | com.editor.xinphoto | AndroidOS_FaceStealer.HRXF | 100,000+ |
40580a84b5c1b0526973f12d84e46018ea4889978a19fcdcde947de5b2033cff | com.sensitivity.swarmphoto | AndroidOS_FaceStealer.HRXE | 10,000+ |
6ccd0c0302cda02566301ae51f8da4935c02664169ad0ead4ee07fa6b2f99112 | com.meta.adsformeta3 | AndroidOS_FaceStealer.HRXG | 100+ |
4464b2de7b877c9ff0e4c904e9256b302c9bd74abc5c8dacb6e4469498c64691 | com.photo.panoramacamera | AndroidOS_FaceStealer.HRXF | 50,000+ |
3325488a8df69a92be92eb11bf01ab4c9b612c5307d615e72c07a4d859675e3f | com.photo.move | AndroidOS_FaceStealer.HRXF | 10,000+ |
CRYPTO-MINERS
SHA-256 | Package name | Detection name |
3d3761c2155f7cabee8533689f473e59d49515323e12e9242553a0bd5e7cffa9 7c76bff97048773d4cda8faacaa9c2248e594942cc492ffbd393ed8553d27e43 c56615acac1a0df1830730fe791bb6f068670d27017f708061119cb3a49d6ff5 | app.cryptomining.work | AndroidOS_FakeMinerStealer |
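An added example (not part of the original advisory) showing one way to check a device inventory against the indicators above: it parses the pipe-delimited rows, including the row with several hashes in one cell, and matches package names and APK hashes. The function names `parse_iocs` and `scan` are hypothetical, the inventory is constructed sample data, and the package list is assumed to come from `adb shell pm list packages`.

```python
import re

# Two rows copied from the tables on this page; the second packs three hashes in one cell.
IOC_ROWS = """
7ea4757b71680797cbce66a8ec922484fc25f87814cc4f811e70ceb723bfd0fc | com.olfitness.android | AndroidOS_FaceStealer.HRXH | 10,000+ |
3d3761c2155f7cabee8533689f473e59d49515323e12e9242553a0bd5e7cffa9 7c76bff97048773d4cda8faacaa9c2248e594942cc492ffbd393ed8553d27e43 c56615acac1a0df1830730fe791bb6f068670d27017f708061119cb3a49d6ff5 | app.cryptomining.work | AndroidOS_FakeMinerStealer |
"""
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")

def parse_iocs(text):
    """Parse pipe-delimited IoC rows into (hash -> (package, detection), package -> detection)."""
    by_hash, by_pkg = {}, {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        hashes = SHA256_RE.findall(cells[0].lower())
        if not hashes or len(cells) < 3:
            continue  # header, blank or malformed row
        by_pkg[cells[1]] = cells[2]
        for h in hashes:
            by_hash[h] = (cells[1], cells[2])
    return by_hash, by_pkg

def scan(pm_output, apk_hashes, by_hash, by_pkg):
    """Return sorted findings (kind, subject, package, detection).

    pm_output:  text of `adb shell pm list packages` ("package:<name>" lines)
    apk_hashes: {apk path: SHA-256 hex} computed from APKs pulled off the device
    """
    findings = set()
    for line in pm_output.splitlines():
        name = line.strip().removeprefix("package:")
        if name in by_pkg:
            # A name match is a lead only; confirm it with the APK hash.
            findings.add(("package-name", name, name, by_pkg[name]))
    for path, digest in apk_hashes.items():
        hit = by_hash.get(digest.strip().lower())
        if hit:
            findings.add(("sha256", path, *hit))
    return sorted(findings)

# Constructed inventory for illustration (not real device data).
SAMPLE_PM = "package:com.android.chrome\npackage:com.olfitness.android\n"
SAMPLE_HASHES = {
    "/data/app/base.apk": "c56615acac1a0df1830730fe791bb6f068670d27017f708061119cb3a49d6ff5",
    "/data/app/other.apk": "0" * 64,
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_PM, SAMPLE_HASHES, *parse_iocs(IOC_ROWS)):
        print(finding)
```

Because Facestealer changes its code frequently, a hash miss does not clear an app; treat the package-name and hash matches as complementary signals.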