Security experts have warned about a new form of malware dubbed LightsOut that was recently discovered in 22 flashlights apps in the Google Play Store.
The apps, which have now been removed by Google, had been downloaded between 1.5 million and 7.5 million times.
According to cyber security firm CheckPoint, the malware bombards Android users with ads whenever routine tasks are performed on the infected device, such as ending a call, connecting to Wi-Fi or plugging in the charger.
In an era when even the most basic Android smartphones often include their own flashlight, there’s next to no need for anyone to download flashlight apps.
Especially when downloading them can lead to your device becoming infected with malware.
Flashlight apps are frequently used by cyber criminals to hide strains of malware.
When unsuspecting users download the app their phone is then infected, as in the case with the LightsOut malware.
In November last year, criminals managed to hide a dangerous banking malware inside a flashlight apps, which was able to steal login credentials to online bank accounts.
In June last year, millions of Android devices were also at risk from a form of adware that was hidden in a number of different apps, including flashlights.
In both instances that apps were eventually removed from the Google Play Store but only after they had already infected scores of Android devices around the globe.