Security researchers have spotted a legitimate banking app for Android smartphones and tablets that has been “trojanized” Using the so-called master key vulnerability, the flaw can be used by attackers to inject malicious code into a digitally signed, legitimate Android app. Running the malicious app triggers a screen asking users to enter their account details. “Should the user comply, their information would be sent to a remote malicious server controlled by the cybercriminal,” said Trend Micro. The Android app is used by up to 10 million people.”]