Trend Micro researchers recently observed a number of apps on Google Play designed to perform malicious activities such as stealing user credentials and other sensitive user information, including private keys. Because of the number and popularity of these apps — some of them have been installed over a hundred thousand times — we decided to shed some light on what these apps actually do by focusing on some of the more notable examples.
The Facestealer spyware was first documented in July 2021 in a report by Dr. Web detailing how it stole Facebook credentials from users via fraudulent apps from Google Play. These stolen credentials could then be used to compromise Facebook accounts for malicious purposes such as phishing scams, fake posts, and ad bots. Similar to Joker, another piece of mobile malware, Facestealer changes its code frequently, thus spawning many variants. Since its discovery, the spyware has continuously beleaguered Google Play.
Source: Trend Micro