How to Avoid ‘Facestealer’ Malware on Android

Malware on Android isn’t a rare topic, unfortunately. While Google has a system to vet apps on the Play Store, hackers are clever, and find ways to slip malicious software through the cracks. “Facestealer” is the latest such software to do so: here’s what it is, and how to avoid it.

Facestealer’s goal is to spy on your phone for personal information, deliver you a series of ads, and force fake logins to steal your social media logins. While Facestealer was first discovered on 10 different apps back in July of 2021, it was recently found on 200. Most of these apps were available to download on the Google Play Store and other outlets for weeks before being discovered and taken down, masquerading as VPN, cryptocurrency, and camera/editing apps.

Because these “apps” are fake, and are made to install malware on your phone, one of the best ways to avoid Facestealer is by checking an app’s reviews before downloading it. Typically, malware-laced apps are full of negative reviews, either because the infected users know something is shady about the app, or the app is simply not living up to its original promise on the store.

Aside from reviews, vet an app yourself by looking at its store page closely: are the images legit? Are the descriptions written well? Take an extra close look at the permissions page: if an app is asking for too many permissions from your phone, avoid it. A VPN app shouldn’t need access to your camera or contacts, for example.