Thursday 11 May 2017, Security Guide

A new banking trojan posing as a Flashlight LED Widget app

Lost24

Once again, Android OS users have been attacked by an unknown group of cybercriminals. The attackers have created a new banking malware masquerading as a Flashlight LED Widget app. Unlike other banking trojans, which have a static set of targeted banking apps, this malware can dynamically change its functionality.

The malicious app, detected by security experts from ESET, is identified as Trojan.Android/Charger.B.

Once the app is installed and launched, it requests device administrator rights. With the rights and permissions granted, the app hides and is available only as a Widget.

The malware registers the infected device with the attackers' server. Based on commands from the server, the trojan can steal victims' banking credentials by displaying fake screens that mimic legitimate banking apps, and it can intercept SMS messages and show fake notifications in order to sidestep two-factor authentication.

If a user tries to remove the malicious trojan, he or she will only be able to do so by booting the device in safe mode. In normal mode, the malware does not allow the victim to disable the administrator privileges.