Security researchers have discovered that the notorious BankBot banking malware has once again snuck into Google Play store by hiding in seemingly trustworthy apps such as flashlight and Solitaire apps. According to a new report by cybersecurity firms Avast, ESET and SfyLabs, thousands of Android users have been infected by new versions of the malicious Trojan over the past few months.

Researchers said the latest version of BankBot, first spotted in Google Play on 13 October, has been concealed in various flashlight and Solitaire apps. Some of the infected apps include “Tornado FlashLight”, “Lamp For DarkNess” and “Sea FlashLight.”