ESET experts warn of another Trojan stealing passwords from banking apps and social networks

26 April 2017
Mobile devices running Android have been exposed to yet another threat. This time it is a Trojan discovered by ESET specialists and detected by NOD32 antivirus products as Android/Charger.B. This malware steals passwords from banking applications and social networking accounts.

The malware spread to the devices of unsuspecting users under the guise of a flashlight. The app, innocuously named Flashlight LED Widget, requested administrator privileges and permission to display windows on top of other apps when first launched. This alone should alert a user who merely wants to turn on a flashlight on his or her gadget. Next, the Trojan sends information about the device, a picture of the user taken with the front-facing camera, and a list of installed apps to the C&C server.

Alas, the data transfer to the attackers does not end there. When the user launches Google Play, Facebook, Instagram or other social networking or mobile banking applications, the Trojan opens a fake window stating that access to the desired service is suspended due to a lack of certain data. The user is, of course, asked to confirm their identity by entering their bank card data as well as their username and password, which immediately fall into the hands of the attackers.

Interestingly, the Trojan is even capable of locking the device's screen. ESET experts believe this is done to hide the transfer of money from the user's account, so that the operation succeeds and the victim cannot interrupt it.

To get rid of the Trojan, it is recommended to remove the Flashlight LED Widget application from your gadget. This may of course be difficult, because the malware can resist removal in every way and block the screen with pop-ups. In such cases, it is recommended to reboot the device in safe mode or contact a specialist.

That said, our compatriots have no reason for concern in this case. For unknown reasons, the Trojan is automatically deactivated on infected devices located in Russia, Ukraine or Belarus. Some users joke that even Trojans are afraid of Russian hackers, but ESET specialists have expressed the opinion that the attackers are thus trying to avoid prosecution in their home country.

Nevertheless, it is worth remembering that the most reliable method of fighting viruses is to be careful, especially when visiting suspicious sites or downloading unfamiliar files. Having a reliable antivirus will also help avoid many complications.
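
The permission pairing described above (administrator privileges plus windows drawn over other apps) can be checked statically before an app is installed. The following is an added example, not code from ESET or from the original article; it assumes a manifest already decoded to text XML (for instance with a tool such as apktool), and the package name and manifest contents are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
OVERLAY = "android.permission.SYSTEM_ALERT_WINDOW"
CAMERA = "android.permission.CAMERA"
BIND_ADMIN = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ENABLED = "android.app.action.DEVICE_ADMIN_ENABLED"

# Constructed sample: decoded manifest of a hypothetical flashlight widget.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return findings for one decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    findings = []
    # A device-admin receiver is guarded by BIND_DEVICE_ADMIN and
    # listens for the DEVICE_ADMIN_ENABLED broadcast.
    for rcv in root.iter("receiver"):
        actions = {a.get(ANDROID_NS + "name") for a in rcv.iter("action")}
        if rcv.get(ANDROID_NS + "permission") == BIND_ADMIN and ADMIN_ENABLED in actions:
            findings.append("device-admin")
            break
    if OVERLAY in perms:
        findings.append("overlay")
    if CAMERA in perms:  # expected for a torch; noted, not suspicious alone
        findings.append("camera")
    return findings

def is_suspicious(findings):
    # Device admin together with overlay is the pairing the article describes.
    return {"device-admin", "overlay"} <= set(findings)

if __name__ == "__main__":
    f = triage_manifest(SAMPLE_MANIFEST)
    print(f, "-> review" if is_suspicious(f) else "-> ok")
```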