Android flashlight app found in the Google Play Store steals users’ banking details


An Android flashlight app available to download from the Google Play Store actually contains a Trojan virus designed to remotely steal users’ banking details.

Once downloaded, the app, named Flashlight LED Widget, works by mimicking genuine banking apps and tricking users into handing over their login details.

The app was discovered by Lukas Stefanko from online security firm ESET, who said the app was disguised as a simple flashlight app that uses the flash on the phone’s camera.

However, it is also capable of displaying fake screens that look like the login screens of legitimate banking apps. It can also intercept SMS messages in order to get round accounts with two factor authentication enabled.

Flashlight LED Widget

The trojan on Google Play. Image: ESET

“The malware can affect all versions of Android. Because of its dynamic nature, there might be no limit to targeted apps – the malware obtains HTML code based on apps installed on the victim’s device and uses the code to overlay the apps with fake screens after they’re launched,” Stefanko said in a blog post.

Stefanko said that the app mimicked the login screens of a number of Australian banks such as Westpac, Commbank and NAB but also mimicked the screens of Facebook, Instagram and WhatsApp.

If that wasn’t bad enough the app can also hijack the front facing camera to take photos of the user and upload it to servers along with the banking details.

While the app has since been removed from the Google Play Store, it was still by 5,000 users and there is a chance that the smartphones of some users may still be infected.

Users can check if their device is infected by going to Settings > Application Manager or Apps and search for “Flashlight LED Widget”.

ESET have also released a video on how to remove the app.


Comments are closed.