FaceStealer is an infostealer Trojan that specifically targets Android devices. The goal of the cybercriminals spreading the threat is to obtain the Facebook accounts and login credentials of their victims. The collected accounts can then be exploited in various ways, such as spreading further malware threats, advertising dubious content, taking part in disinformation campaigns and more.
The FaceStealer threat spreads via weaponized applications disguised as popular Android software products. So far, infosec researchers have identified 26 targeted applications belonging to various categories, such as horoscopes, application lockers, VPNs and photography.
Once installed and executed, the downloaded program displays a window from the original, legitimate application to avoid alerting the user to its true intentions. This initial window then redirects to a login page that asks users to sign in with their Facebook credentials to access the application's functionality.