Invisible Man malware lifts banking credentials by abusing Android accessibility services
A family of malware known as “Invisible Man” abuses Android OS accessibility services in order to steal users’ banking credentials.
Invisible Man, also known as “Svpeng”, has earned quite a reputation for itself in the past few years. It was one of the first trojans to attack SMS-based banking and to steal users’ credentials via phishing overlays. Such novelty garnered attention for the malware among computer criminal circles… as well as Russian law enforcement.
Once again, the threat is up to no good. This time it’s posing as Adobe Flash Player for Android, a well-worn disguise in the digital crime world, on malicious websites. When anyone installs it, the fake app requests the ability to use accessibility services on the now-infected device
Source: Graham Cluley