Quote:A fake Android banking app found on Google Play was exfiltrating device identifiers, SMS messages, and phone numbers to its command-and-control (C&C) server, as discovered by Trend Micro's Echo Duan.

Once installed and launched on an Android device, the fake mobile token Movil Secure app hides by removing its icon from the screen and will collect a number of device identifiers (i.e., device ID, OS version, and Country Code) which it will then send to its C&C server and a phone number hardcoded in the device identifier collection function.

In addition, the fake banking app also exfiltrates phone numbers and SMS messages, with a possible goal of collecting all the data and using it in a later SMiShing campaign which might have already been started seeing that there are reports of people who installed this app and have been scammed afterward.