Clik here to view.
ESET have discovered yet another banking Trojan app – this time disguised as a Flashlight widget and targeting a potentially unlimited number of apps.
iTWire has warned many times that simple apps requiring system privileges are dangerous. Why would a flashlight request any permissions?
ESET has a blog here that covers the operation of the app but the important point is that this is one of a new breed of malicious apps called Android/Charger discovered by Check Point in January 2017 that could be skinned to do or be almost anything.
It will display fake bank screens mimicking legitimate apps, lock infected devices to hide fraudulent activity, intercept SMS and display fake notifications to bypass 2-factor-authentication. Its target can be dynamically updated, as opposed to being hardcoded in the malware – opening unlimited options for future misuse.
{loadposition ray}
You can check if you have installed it Setting > Application Manager/Apps > Flashlight Widget. But uninstalling is not easy – it persists even if you select uninstall. The cure is to boot the device into safe mode and go to Settings > Security and remove the Flashlight as an administrator. Then you can uninstall it.
To do this press/release the power button and, when you see a logo appear during boot-up, hold down both the Volume Up and Volume Down buttons. Continue holding the two buttons until the device boots up with a Safe mode indicator at the bottom-left corner of its screen.
Google missed this in its Play Store because the actual payload is encrypted in the APK file installed from Google Play, evading detection of its malicious functionality. The payload is dropped, decrypted and executed when the victim runs the app.
ESET says a reputable anti-virus/malware protector should prevent its install.
