Millions of Android users warned over FAKE lock screen that steals their phone’s PIN and raids bank accounts

Submitted by
Style Pass
2024-10-21 15:00:05

The malware tries to take advantage of a device's powerful accessibility service permissions so that it can grant itself extra permissions and tap on prompts automatically.

The banking trojan then confronts affected users with phishing login screens for various banks in a bid to steal their credentials so attackers can perform unauthorised transactions.

"The deceptive User Interface is an HTML page hosted on an external website and is displayed in full-screen mode on the device, making it look like a legitimate screen," Zimperium reports.

They added: "When the user enters their unlock pattern or PIN, the page transmits the captured PIN or pattern details, along with a unique device identifier (the Android ID) to a PHP script."

Stealing the PIN also means cyber criminals can unlock the device to commit fraud when it's not being actively monitored, particularly late at night.
