The security company Trend Micro has found a series of applications infected with the Facestealer malware that is responsible for diverting user passwords to gain access to these and other services. A discovery that endangers many users around the world, given that the 200 infected apps have been installed on many mobile phones.
It is not the first time that this virus has done its thing, since the first one that appeared was back in July 2021, at which time another series of applications were located that were intended to obtain our access codes to Facebook. In order not to be discovered, the developers modify the code, making it very difficult to track it down and kill it quickly.
Be very careful what you have installed.
On many occasions we have advised you not to download applications outside of Google Play, one of the most valuable security measures that exist, although we can also come across these threats within the Google store . On this occasion, not all the infected tools in which the malware in question has been discovered have been disclosed, but luckily they have been removed immediately because no one else downloads them.
Among all the apps that have been discovered, the vast majority were focused on various services to expand throughout the store , for example, offering training exercises at home, many based on VPN, although they did not really fulfill what they promised, as we could read in the comments. A few others were based on working as an alternative camera or there were even those that offered us digital image retouching. In case you have any of those apps and you can’t locate it on Google Play, it’s time to uninstall it, to prevent problems.
These are all that we are aware of:
- Daily Fitness OL
- Enjoy Photo Editor
- Panorama Camera
- Photo Gaming Puzzle
- Swarm Photo
- Business Goal Manager
To be protected and make sure that our keys have not been leaked or at least they will not be able to do anything with them, we must do the following. Another piece of advice, if we have an app of doubtful reliability , is that we have to change the passwords of mobile apps and services, especially if we have repeated the same password in several places.
The modus operandi to attack the mobile
Many are the people who could have realized by themselves that something was not working properly, in these apps that sometimes could have worked without any type of registration. However, it always prompted the user to do so and displayed a confusing login screen to Facebook or other services through the browser that did not correspond to reality at all. The key was in a piece of code based on JavaScript that was done with the information.
It is then when the server copied all the entered data and sent it to the servers where these passwords were stored. Incidentally, a massive sending of cookies was also made that returned to the server with a lot of information extracted about the users . What may have left sequels in the privacy of many people.
