Additional analysis by Michael Hwang
Not all Android phones come with a built-in flashlight feature in its operating system. Users would have to download flashlight apps to have this utility on their phone. Chances are, these apps will come with updates and ads. Imagine that, flashlights with updates and ads. And while this may seem normal with how apps operate, one flashlight app that’s available in Google Play shows ads that goes beyond the annoying and tells users that their mobile unit is infected with malware.
Super-Bright LED Flashlight on its own is a safe application. However, when a user runs the app, a webpage opens and tells that their device is infected with malware and has a broken battery. The webpage also advises users to install an Android optimizer and anti-virus app to resolve these issues. When we checked the app, the ad was not part of its routine.
Figure 1.Warning window launched when using the app
Virus is found in your Sony Xperia Z5 device and the battery is infected with virus and become broken.
4 minutes 42 seconds
How to repair the battery:
Step 1: Click the button below, then go to Google Play Store to install the recommended anti-virus application for free
Step 2: Launch the application, clean all virus and fix the battery
Step 3: Keep this application at least 3 days to clean all virus completely and avoid further attacking.
Text in the button: “Clean Battery Virus Now”
Trend Micro detects Super-Bright LED Flashlight as AndroidOS_FlightAd.A . According to the app’s download page, it has already been downloaded by 6 million users. As much as users are affected by this blatantly misleading ad, it is just as harmful, if not, even more damaging for the app itself. Users have already pointed this issue out and are lashing out by giving the app the lowest possible ratings, accompanied by negative reviews.
Figure 2. Recent reviews of Super-Bright LED Flashlight
In these cases, developers such as Surpax Inc. are not entirely at fault. Again, they were not the ones who made the false ad. However, it should be their responsibility to monitor the ads shown in their application. If they don’t, it may lead to materials such as the one appearing in the flashlight app. In even graver cases, these ads may scare or trick users into downloading malware. Trend Micro has contacted Google Play and other app stores where Super-Bright LED Flashlight is available, advising them of this issue. Mobile users should be careful with mobile ads in general. At the same time, app developers should be aware of incidents that may harm their product’s reputation. When choosing an ad network, developers should do their due diligence before allowing ad networks to put up possible harmful ads. The malicious quality of these apps may lead to blacklisting of the app, depending on its severity.
For users, we advise the installation of a trusted security software in their mobile devices to protect it from malicious apps and threats. Trend Micro Mobile Security and Trend Micro Mobile Security Personal Edition protects users from this threat and other related threats. Trend Micro Mobile Security Personal Edition is available on Google Play.
Additional SHA1s for related files: