Affiliate links on Android Authority may earn us a commission.Learn more.
How your flashlight or Solitaire app could be stealing your bank information
June 02, 2025
A new version of BankBot hidden inside flashlight and Solitaire apps has affected thousands of Chase, Citi, and WellsFargo users across the world.
The Avast team has been working with ESET and SfyLabs to examine a new version of BankBot, andaccording to their report, the mobile banking malware could have affected thousands of Citi, Chase, DiBa, and WellsFargo users in countries like the US, Australia, Germany, Netherlands, France, Poland, Spain, Portugal, Turkey, Greece, Russia, Dominican Republic, Singapore, and the Philippines. While they have since been removed from the Play Store, several versions remained active until as recently as November 17, meaning it had plenty of opportunities to sneak into people’s phones and steal their sensitive banking information.
As Avast points out, the new version of BankBot is created to be undetectable by Google’s automated algorithm inside the Play Store. Hackers embed it into apps like “Lamp for Darkness,” “Sea FlashLight,” “XDC Cleaner,” “Classic Solitaire,” and “Spider Solitaire” and the virus is activated as soon as these apps are downloaded. The malware can either superimpose a fake user interface onto your banking app and collect your user ID and password as they are typed. Alternatively, in some countries, the malware intercepts transaction authentication numbers to conduct illegal online transfers.
Fortunately, the aforementioned apps have been removed from the Play Store, but as you may have guessed, hackers are likely to return with a similar or worse yet, a more sophisticated version of the malware. So what can you do to protect yourself? Avast suggests a few ways:
Have you been a victim of mobile banking malware? What kind of measures do you take to protect yourself? Let us know by leaving a comment below!
Thank you for being part of our community. Read ourComment Policybefore posting.
