ESET researchers have announced the discovery of a new banking trojan on Google Play.
Disguised as a Flashlight widget, this trojan targets a potentially unlimited number of apps and can cause serious harm if people are not using a reputable mobile security solution to protect their device.
While other banking trojans have a static set of targeted banking apps, this trojan is able to dynamically adjust its functionality.
The remotely controlled trojan can deliver promised flashlight functionality, and comes with a variety of additional functions aimed at stealing victims’ banking credentials.
Based on commands from its C&C server, the trojan can display fake screens mimicking legitimate apps, lock infected devices to hide fraudulent activity, and intercept SMS and display fake notifications in order to bypass two-factor authentication. The malware can affect all versions of Android.
The trojan was uploaded to Google Play on March 30, 2017 and installed by up to 5000 unsuspecting users before being pulled from the store after ESET’s alert on April 10.
ESET suggests many users may have infected their devices with the trojan inadvertently after installing a Flashlight app from Google Play.
They are advised to check their devices by going to Settings > Application Manager/Apps and looking for the flashlight widget.
This trojan tries to block attempts to uninstall it by preventing users from turning off the active device administrator, a step that is required to remove the app.
Users can uninstall the app by booting their device into Safe mode. Once this is done, the malicious app is easily removed.
As prevention is better than cure, users are advised to choose official app stores when downloading apps whenever possible.
It is advisable to check the popularity of the app before installation. This can be done by checking the number of installs, the ratings, and the content of reviews.