FaceApp Pro for Free installing Malware in Android – Beware of New scams

faceapp pro malware

ESET researchers are discovering fraudulent schemes that reject the FaceApp tool’s popularity with a fake “Pro” version of the application as a lure.

The latest FaceApp hype attracted swindlers who want to make rapid profit.

For both Android and the iOS, the FaceApp application offers various face-modification filters. During the free application, certain features, marked as “PRO,” are paid for. A huge wave of media attention has been generated by recent concerns about FaceApp privacy issues.

To different ends, scammers tried, with a fake “Pro”–but free–application version as a lure to exploit this wave of interest. Fraudsters have also tried to spread the word of this fictional version of the viral app–when this blog post was written, some 200,000 articles were returned from a Google search for “FaceApp Pro.”

We saw two ways that the scammers tried to make money from FaceApp’s inexistent “Pro” release.

Fake websites

The attackers used a counterfeit website to offer FaceApp’s “premium” version for free in one of the scams we saw.

Fake faceapp

In reality, scammers trick their victims to install other paid applications and subscriptions, publicity ads, surveys, etc. Their offers are countless. Victims are also asked from different websites to enable notifications to be displayed. These reports lead to further fraudulent offers when enabled.


We ended up with FaceApp’s regular, free version, available on Google Play, during our trial. However, the app was downloaded from the popular mediafire.com file sharing service, as shown in the below image, instead of using Google Play as the source. This means that if the attackers were willing, users could easily download malware.


YouTube videos

The second scam type includes YouTube videos which once again promote FaceApp’s free download links to “Pro.” The shortened links indicate applications whose only functionality is the installation by users of various additional Google Play applications. In Figure 4, a YouTube video shows more than 150,000 views when you write.

Although this scam is usually only used to deliver ads, the short links can lead to malware installation by just one click. We saw this happen in the past, with Fortunate being used as a lure for example.

Video spreads faceapp malware

The above link was clicked 96,000 times, but that does not tell us a lot about the number. (However, serious companies do not even dream about the high rate of clicking.)


Hypes attract scammers and the greater the wave, the greater is the risk of a scam falling. Users should remember to abide by basic safety principles before joining the hype.

No matter how exciting the issue is, avoid downloading apps from non-official app shops and check the information available (developer, rating, reviews, etc.) on the app. Especially in the Android ecosystem, every popular app or game is fake; fortunately, security-conscious users are well advised to tell the fakes from genuine products. As a scam insurance, the user can help avoid some negative effects by placing a reputable security application on a mobile device.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.