A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene. The malware has gone through four iterations, each adding significant advancements. The latest version includes a two-screen overlay approach to impersonate banks. When an infected victim opens a mobile banking app, the malware brings up overlay windows fetched from its command-and-control (C2) server, which mimic the real app. The first screen asks for login credentials, while the second steals the credit-card details.
Source: https://threatpost.com/gnip-banking-trojan-aggressive-development/150521/