TrickMo is a new Android app that can intercept one-time authorization codes sent to Internet banking customers via SMS or push notifications. The app uses Android’s accessibility features that allows it to record a video of the app’s screen, scrape the data displayed on the screen, monitor currently running applications and even set itself as the default SMS app. To avoid raising suspicion when stealing the TAN codes, TrickMo activates the lock screen, thereby preventing users from accessing their devices. The name TrickMo refers to a similar kind of Android banking malware called ZitMo that was developed by Zeus cybercriminal gang in 2011.
Source: https://thehackernews.com/2020/03/trickbot-two-factor-mobile-malware.html