This flashlight app for Android wants to steal all your money

An incredibly sneaky third-party flashlight app for Android has been revealed to contain a Trojan virus that has the ability to steal and use your banking details, as well as intercept text messages and take photos with your device’s selfie camera.

The Trojan (Trojan.Android/Charger.B) was embedded in an app called “Flashlight LED Widget” and was discovered by ESET security researcher Lukas Stefanko on 10 April, almost two weeks after it was released on the Play Store and after it had already been downloaded by over 5,000 users. The finding was recently made public in this blog post.

Once installed, the virus can overlay fake login screens to trick users into entering credit card details, logins and other sensitive information. The app has fake interfaces that mimic Facebook, Google Play, and even major Australian banking apps such as CommBank, NAB, and Westpac. Once it has your private information, the Trojan will lock your device and display a bogus error message while it withdraws funds or sends your details to the attackers’ servers.

Image of app appearing on Google Play, courtesy of Lukas Stefanko

If that wasn’t nefarious enough, the virus also hijacks the selfie camera in order to take a photo of the user and upload it to the server along with their banking details. The virus apparently also has the ability to intercept SMS messages. The malware’s code is designed to ignore users if it determines them to be located in Russia, Ukraine or Belarus, which Stefanko suspects is “to avoid persecution of the attackers in their home countries”.

While the app was taken down from Google Play as soon as it was discovered, there’s a chance some users may still be infected. Finding out if you have the malicious app installed is easy: just navigate to Settings > Application Manager (or ‘Apps’), and see if you have an entry for ‘Flashlight Widget’. You can visit Stefanko’s blog post for further details on determining if you are infected and for a video on how to remove the malware if you are, along with helpful tips on staying safe in the future.

Harry Domanski
Harry is an Australian Journalist for TechRadar with an ear to the ground for future tech, and the other in front of a vintage amplifier. He likes stories told in charming ways, and content consumed through massive screens. He also likes to get his hands dirty with the ethics of the tech.