Malware Focus: Facestealer

  • Published: Tuesday, May 17, 2022

Facestealer is malware hidden in apps that appear harmless. Its intent is to steal credentials for popular social media sites. Researchers have discovered the malware in a variety of apps in the Google Play and Apple stores, and those apps have since been removed. Many users may have already downloaded some of these apps and may be vulnerable to credential theft.

Keep in mind that many apps will request access to:

  • Camera
  • Storage (to read, modify or delete)
  • Contacts
  • Photos
  • Location
  • View and have full access to Wi-Fi and other network connections
  • Receive data from the Internet
  • Prevent phone from sleeping
  • Run at startup
  • Use in advertising and marketing

What? Does a photo editing app really need all of these permissions? Of course not! Remember to read the app's permission requests before installing it. If you don't want the app to have access to your contacts and it does not provide a way to opt out, you may want to reconsider installing it.
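The Python example below is added here and is not part of the original advisory. It maps the permissions declared in an Android app's manifest to the plain-language items listed above and reports the ones a photo editor would not be expected to need. The label table, the expected set for a photo editor and the sample manifest are assumptions constructed for illustration, and the manifest is assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permission name -> item in the advisory's list.
LABELS = {
    "android.permission.CAMERA": "Camera",
    "android.permission.READ_EXTERNAL_STORAGE": "Storage",
    "android.permission.READ_MEDIA_IMAGES": "Photos",
    "android.permission.READ_CONTACTS": "Contacts",
    "android.permission.ACCESS_FINE_LOCATION": "Location",
    "android.permission.ACCESS_NETWORK_STATE": "Network connections",
    "android.permission.INTERNET": "Receive data from the Internet",
    "android.permission.WAKE_LOCK": "Prevent phone from sleeping",
    "android.permission.RECEIVE_BOOT_COMPLETED": "Run at startup",
    "com.google.android.gms.permission.AD_ID": "Advertising",
}
# Assumption: what a photo editing app plausibly needs.
EXPECTED_FOR_PHOTO_EDITOR = {"Camera", "Storage", "Photos"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a text-form manifest."""
    # Use a hardened XML parser instead if the manifest source is untrusted.
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    return {el.get(ANDROID_NS + "name") for t in tags for el in root.iter(t)
            if el.get(ANDROID_NS + "name")}

def review(manifest_xml, expected=EXPECTED_FOR_PHOTO_EDITOR):
    """Return (unexpected, unknown); unknown names need a manual look."""
    unexpected, unknown = {}, []
    for perm in sorted(requested_permissions(manifest_xml)):
        label = LABELS.get(perm)
        if label is None:
            unknown.append(perm)   # custom or unlisted permission
        elif label not in expected:
            unexpected.setdefault(label, []).append(perm)
    return unexpected, unknown

# Constructed sample manifest for a hypothetical photo editor.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="com.example.photoedit.permission.SYNC"/>
</manifest>"""
```

Calling `review(SAMPLE_MANIFEST)` returns the contacts, location and run-at-startup requests as unexpected for a photo editor, and lists the app's custom permission separately for manual review.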

Use caution when installing any software that requires the input of sensitive and personal information, including images of faces. Once your information is uploaded to remote servers, it is susceptible to being resold, breached or shared without consent.

If you suspect you have installed a potentially malicious app, you should delete it and change your passwords on all your social media accounts. Enable two-factor authentication if possible.