Flashlight App Steal Data: Recently, a flashlight app for Android smartphones was launched. This is an app stealing data of smartphone owner. It is a fake app, which takes some personal data of users via camera flash. The app has a harmful Trojan which obtains your data like banking, text messages and takes photos of your face. The fraud activities conducted without your permission.
The app is called Flashlight LED Widget. The user also uses this app as a torch. The first news of this dangerous app came from a company blog by Eset security researcher, Lukas Stefanko. He said that the app displays a fraudulent screen which imitates original banking apps. It fools the users by forcing them to provide real username and password. The flashlight app can also hack text messages which will help in two-factor authentication.
Lukas Stefanko also added that it doesn’t matter which Android version you are using. It can attack any version of Android devices. It has been spreading worldwide very instantly. This app is of vibrant nature hence no one can count the number of devices is affected by this app. The malicious app receives the HTML code of the apps installed on user’s Android device. After installation, the HTML code is used to cover the apps with fraud display.
Previously, an Android app from Australian banks has been mimicked by the malware. The malware was identified by the name Trojan.Android/Charger.B. Stefanko further added that the malware has also affected some mobile banking apps of Commbank, NAB, and Westpac Bank. It is not limited to banks whereas the app has faked the screen of social media platform of Facebook, WhatsApp, Instagram and Google Play.
The Flashlight LED Widget was listed on Google Play on March 30 this year. It was downloaded by approximately 5,000 Android devices. Soon on April 10, Google removed it from the store. According to reports, there maybe some android apps stealing data.
According to the blog, when the app obtains data of the smartphone being from Russia, Ukraine or Belarus, a server blocks the malware from causing any future damages. This step was taken to save undertaking of the criminals in the native land. It takes a snap of the user’s smartphone via front camera, then sent to its central server. The app can also withdraw money from the user’s bank account. For stealing money, they lock the Android screen when a user is withdrawing money via net banking. Then, the user observes a fake screen which easily hides fraud activities from the user.
If you have installed the wicked app then doesn’t think it is easy to uninstall. You have to reboot your device in the safe mode for permanently deleting the app from your device. You can read the blog post of Stefanko for getting the full tutorial. The blog has a full explanation of removing the app from your device. You can also watch the video by ESET for removing the malware permanently from your Android device.