Warning to Android users: Have you downloaded this app?

Alison Banney 20 April 2017

android phone 738A fake flashlight app is targeting Android phones and stealing bank details.

A banking Trojan targeting Android phones has been discovered on Google Play by ESET, an anti-virus internet security company.

The malicious app, which masquerades as a flashlight app, has already been downloaded by over 5,000 users.

The key aim of the Trojan is to steal banking credentials, with major banks including Commbank, NAB and Westpac found to have been targeted.

ESET says the Trojan is particularly advanced. It has the ability to target a potentially unlimited number of apps and also has screen locking capabilities. The below picture is what the fake app looks like in Google Play.

Flashlight app pic 1Source: ESET

After downloading the fake app it requests device administrator rights and then, when granted, hides its icon so it only appears on the infected device as a widget.

The Trojan then registers the infected device with the attacker's central server, sending device information and a list of apps installed. If that’s not creepy enough, the Trojan even sends a photo of the device owner taken by the front camera to the attacker.

When the victim opens one of their banking apps, the Trojan uploads a fake screen requesting the user to enter their banking credentials and credit card information, which is then sent to the attacker. The below picture shows the fake screens targeting Commbank customers.

flashlight app pic 2Source:ESET

In addition to the banks mentioned above, ESET also found fake screens for Facebook, WhatsApp, Instagram and Google Play.

The Trojan also has the ability to remotely lock the devices screen and display a fake Android update lookalike screen, most likely when the attacker is clearing the victim's bank accounts.

The Trojan was available to download on Google Play between 30 March and 10 April 2017. To check if your device has been infected, go into Settings and check in your Application Manager/Apps to see if the flashlight widget is listed.

The app can be uninstalled by booting your device into Safe mode, which will enable you to go through the two steps of removing the malicious app.

The latest banking news

Get more from finder

Ask an Expert

You are about to post a question on finder.com.au:

  • Do not enter personal information (eg. surname, phone number, bank details) as your question will be made public
  • finder.com.au is a financial comparison and information service, not a bank or product provider
  • We cannot provide you with personal advice or recommendations
  • Your answer might already be waiting – check previous questions below to see if yours has already been asked

Finder only provides general advice and factual information, so consider your own circumstances, read the PDS or seek advice before you decide to act on our content. By submitting a question, you're accepting our Terms and Conditions and Privacy Policy.
Ask a question
Go to site