Yes, the app doesn’t steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.
It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
Aren’t apps on android hermetically sealed from other apps and malware. How could this be achieved ?
Yes, the app doesn’t steal any information from other apps. The report says the malware just displays a fake bank login page, in the hope the user gives it their details willingly.
As a developer this question is hilarious to me
As a curious Android user this comment is useless to me
For a real answer here’s the Zscaler blog write up: https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
It looks like they are doing it after app install with a malicious patch. This patch asks for SMS and accessibility access to gain privileges necessary to get into the banking apps. I haven’t thoroughly read it but just looking at the attack chain that’s what I gleaned.
Ugh, TIL zscaler actually does more than just send my PII to the USA without my consent.