Experts ESET found at the official online store Google Play app that steals passwords from mobile banking, and social networks Facebook and Instagram. This is stated in the message of the company.
Dangerous Trojan is disguised as a flashlight app LED Flashlight Widget. After installing and running it requests administrator rights and permission to open Windows on top of other applications, then “malware” sends a command to the intruders ‘ server information about the device, including the list of installed applications and the holder’s photograph made the front camera.
If the infected device is located in Russia, Ukraine or Belarus, the virus is deactivated. Experts of antivirus company believe that the way attackers try to evade criminal prosecution in their country. When your smartphone offers mobile banking or social network, on the screen there is a fake window for data entry. Usernames, passwords or credit card data that is entered in the window are sent to the attackers
In the study, ESET observed the interception of passwords Commbank, NAB and Westpac Mobile Banking, as well as Facebook, Instagram, and Google Play, explains that attackers can repurpose it for almost any application.
Trojan can block the device’s screen displaying a message about downloading updates, this feature is supposed to be used in case of theft of funds from the account. Attackers remotely block a smartphone, in order for the victim noticed suspicious activity and failed to take action.
