A spam campaign is targeting German Andoird users, the malicious emails impersonate PayPal trying to trick the recipient into downloading a bogus PayPal app update that hides a banking Trojan. The fake PayPal app is able to perform UI hijacking, this feature is very insidious because allows the malware to impersonate a number of legitimate apps everytime the user is required to enter its credentials. The malicious app is not hosted on the official Google Play, this means that all users that have disabled the setting on allowing the installation of applications only from Google Play are potentially at risk.”]
Source: https://securityaffairs.co/wordpress/40696/cyber-crime/bogus-paypal-app.html