A malicious app impersonating a phone call recording utility in Google Play Store managed to steal thousands of euros from a couple of bank customers in Europe.
The malware was planted in QRecorder app, advertised as an automatic call and voice recording tool. At the time of the analysis, it had been downloaded over 10,000 times.
Once installed, the malicious app could intercept text messages and ask for permission to cover other applications with its interface.
These capabilities allow it to capture two-factor authentication codes users receive via the SMS and to control what the user sees on the screen.
Full Article.