StrandHogg 2.0 can allow malicious apps to camouflage as most legitimate applications and steal sensitive information from Android users. The vulnerability affects all Android devices running Android 9.0 and below (Android 10 is not affected) Security fix was already released by Google for Android versions 8.0, 8.1, and 9, after being notified of the vulnerability in December 2019 and rolling out a patch to Android ecosystem partners during April 2020. The bug is similar to a previous Android vulnerability that was actively exploited by the BankBot banking trojan.
Source: https://www.bleepingcomputer.com/news/security/critical-android-bug-lets-malicious-apps-hide-in-plain-sight/