Developer of antivirus software ESET reported the discovery in Google Play Android Trojan/Charger that is disguised as a flashlight app LED Flashlight Widget. The message of the company with a description of Troyan is available .
The program asks the owner of the smartphone, the device administrator rights and permission to open Windows on top of other applications. “The virus then sends a command to the intruders’ server information about the device, including the list of installed applications and the holder’s photograph made the front camera,” — said in a statement.
System failure: Russian hackers in US prisons
After this, if the user opens on the device the app is mobile banking or social networking, the screen shows a fake window for data entry, and all entered passwords or credit card data are sent to the attackers. In addition, the Trojan can block the device’s screen displaying a message about downloading updates. This technique, according to experts of ESET, used in the theft of funds from the account, so attackers block the smartphone that the user was not able to take action, noting “suspicious activity”.
In this case, said the company-developer of antivirus software, if the infected device is located on the territory of Russia, Belarus or Ukraine, the virus is deactivated. ESET have suggested that in this way the creators of this Trojan are trying to avoid criminal prosecution in the countries where they allegedly reside.
In the study, ESET observed the interception of passwords Commbank, NAB and Westpac Mobile Banking, as well as Facebook, Instagram, and Google Play, however, the company pointed out that the creators of Trojan programs can “retarget” him almost any application.