According to data from ESET, an app that worked as a flashlight had malware and stole bank data for users. If you have this app installed remove it now! ESET detected an app that contained malware. This app has been downloaded more than 5000 times from Google Play and although it is no longer available, it is likely to still affect hundreds of Android users. This threat, posing as an innocent flashlight application, was remotely controlled and has several features that allow criminals to steal users’ bank credentials. When the user downloads the fake flashlight application from Google Play, it was immediately installed on the device. However, instead of being registered as a simple app, the icon would disappear and would only appear as a widget. Subsequently, it sent the data of the infected device to a server belonging to the criminal. This information included information about the device, the list of apps, as well as a photograph of the victim captured with the front camera. If the information submitted indicated that the user was located in Russia, Ukraine or Belarus, the threat would cease immediately. Otherwise, it continued to function normally. This may indicate that the perpetrators of this malware may originate from these countries. To verify that this threat is present on your device, look for the Flashlight Widget entry in the application manager. In the event of an infection, ESET has prepared a special video that helps users to be free of this threat.

The way malware works is very simple and almost goes unnoticed. In practice, although it appears that the user is running the application that allows access to the database, it is actually being directed to a fake page impersonating the app. If you enter the data, they will be immediately sent to the criminal. This trojan detected by ESET as Trojan.Android/Charger.B has not been available on Google Play since last month but may continue to affect multiple devices if it has been installed in the meantime.