Hackers have unleashed a new variant of Android malware that poses as a fake banking app to trick users into compliance, after which it locks users out of their smartphones and sets about emptying their accounts, while victims scramble to access their phones again.
Security firm Trend Micro identified the threat and noted that the hackers were sending victims emails in efforts to distribute their malware encased app.
The mail informs the victim of a new security update recently released on the banking app installed on their phone and urges them to update it.
Users who have such banking apps installed are likely to follow instructions and download the fake app onto their phones.
In the event administrative privileges are provided, the malware remains inactive until the user launches the fake app, at which point of time a pop-up on the app deploys phishing techniques to obtain the victim's bank credentials, while redirecting it to the legitimate app.
The malware then, having detected that the jig is up, proceeds to empty the users' bank accounts.