A remotely operated Trojan horse pretending to be a Flashlight application for Android devices has been reported to gain popularity and infect more devices. The trojan is able to display fake duplicate screens that appear to be the same as the ones on legitimate applications in order to intercept and steal information. This new type of phishing technique has been reported to be widely used and be the new trend in banking malware.
Flashlight LED Widget
|Type||Android Banking Trojan|
|Short Description||Uses a fake app to display duplicate login screens of legitimate applications and sniff out information this way.|
|Symptoms||Having an app, called Flashlight LED Widget.|
|Distribution Method||Malicious third-party apps or Google Play Store.|
See If Your System Has Been Affected by malware
|User Experience||Join our forum to Discuss El Gato Ransowmare.|
Flashlight Banking Trojan – Distribution
One very important method of distribution used by the hackers who spread this trojan is by uploading seemingly legitimate widgets and apps on Google Play store with malware embedded in them. The apps themselves are not malicious and they may do as promised, however this particular Flashlight LED Widget connects to a command and control server of the cyber-criminals after requesting administrative permissions from the Android user. Such permissions even allow the app to hide it’s icon from the device, preventing it’s uninstall via this method.
Android Flashlight Banking Trojan – How Does It Work?
Once the app infects an Android device, the payload is contained in encrypted format within the APK package file which the victim installs from the Google Play store. This payload code is obfuscated and cannot be detected. But once the application is installed, the code is unpacked and unlocked.
The first thing this trojan does is to connect to the server of the cyber-criminal behind it, sending important details of the device. It also takes a snapshot on your front camera to see who you are.
What is interesting is that if the device detects the victim is from Russia or former Soviet Union countries, including Ukraine and Belarus, it shuts down. This tactic is believed to be performed because the attackers may claim afterwards they have not infected their own countries.
In addition to those activities, the fake Flashlight LED Widget malware also sends information in a HTML code which is displayed in WebView. This means that as soon as the affected user opens a new application, the application that is original is replaced with a duplicate screen that requests victims to enter their personal credentials such as their PayPal password and username, for example. Malware researchers at WeLiveSecurity have identified that there is difference between the legitimate and fake screen, even though it is minimal:
But this is not all, the malware can also lock the screen on your phone, similar to what mobile ransomware infections, like El Gato Android ransomware(https://sensorstechforum.com/remove-el-gato-android-ransomware-restore-locked-devices/) does.
Remove Flashlight Widget Banking Malware from Your Android Device
In order to make sure that your device is safe, follow the instructions below.
Preparation before removing Flashlight LED Widget.
Before starting the actual removal process, we recommend that you do the following preparation steps.
- Make sure you have these instructions always open and in front of your eyes.
- Do a backup of all of your files, even if they could be damaged. You should back up your data with a cloud backup solution and insure your files against any type of loss, even from the most severe threats.
- Be patient as this could take a while.
Flashlight LED Widget FAQ
What Does Flashlight LED Widget Trojan Do?
The Flashlight LED Widget Trojan is a malicious computer program designed to disrupt, damage, or gain unauthorized access to a computer system.
It can be used to steal sensitive data, gain control over a system, or launch other malicious activities.
What Damage Can Flashlight LED Widget Trojan Cause?
The Flashlight LED Widget Trojan is a malicious type of malware that can cause significant damage to computers, networks and data.
It can be used to steal information, take control of systems, and spread other malicious viruses and malware.
Is Flashlight LED Widget Trojan a Harmful Virus?
Yes, it is. A Trojan is a type of malicious software that is used to gain unauthorized access to a person's device or system. It can damage files, delete data, and even steal confidential information.
Can Trojans Steal Passwords?
Yes, Trojans, like Flashlight LED Widget, can steal passwords. These malicious programs are designed to gain access to a user's computer, spy on victims and steal sensitive information such as banking details and passwords.
Can Flashlight LED Widget Trojan Hide Itself?
Yes, it can. A Trojan can use various techniques to mask itself, including rootkits, encryption, and obfuscation, to hide from security scanners and evade detection.
Can a Trojan be Removed by Factory Reset?
Yes, a Trojan can be removed by factory resetting your device. This is because it will restore the device to its original state, eliminating any malicious software that may have been installed.
Can Flashlight LED Widget Trojan Infect WiFi?
Yes, it is possible for a Trojan to infect WiFi networks. When a user connects to the infected network, the Trojan can spread to other connected devices and can access sensitive information on the network.
Can Trojans Be Deleted?
Yes, Trojans can be deleted. This is typically done by running a powerful anti-virus or anti-malware program that is designed to detect and remove malicious files. In some cases, manual deletion of the Trojan may also be necessary.
Can Trojans Steal Files?
Yes, Trojans can steal files if they are installed on a computer. This is done by allowing the malware author or user to gain access to the computer and then steal the files stored on it.
Which Anti-Malware Can Remove Trojans?
Anti-malware programs such as SpyHunter are capable of scanning for and removing Trojans from your computer. It is important to keep your anti-malware up to date and regularly scan your system for any malicious software.
About the Flashlight LED Widget Research
The content we publish on SensorsTechForum.com, this Flashlight LED Widget how-to removal guide included, is the outcome of extensive research, hard work and our team’s devotion to help you remove the specific trojan problem.
How did we conduct the research on Flashlight LED Widget?
Please note that our research is based on an independent investigation. We are in contact with independent security researchers, thanks to which we receive daily updates on the latest malware definitions, including the various types of trojans (backdoor, downloader, infostealer, ransom, etc.)
Furthermore, the research behind the Flashlight LED Widget threat is backed with VirusTotal.
To better understand the threat posed by trojans, please refer to the following articles which provide knowledgeable details.