Trojan in Google play pretended to be QRecorder app that records phone calls. Malware also bypasses SMS for two-factor authentication. Trojan has more than 10,000 installs on Google play with more than 500,000 downloads. Trojan targeted German, Polish and Czech banks. Trojan can steal users banking credentials and bypass SMS for 2-factor verification. Trojan uses the accessibility service to take control on what to be displayed on the user screen. The threat actors used Firebase messages to communicate with the infected devices.”]
Source: https://gbhackers.com/android-banking-trojan-10000-installs/