A new strain of mobile banking trojan called Ginp has been constantly refined to collect login credentials and credit card details. Researchers say that Ginp went through clear stages of evolution over the past five months. Ginp was first seen in late October by an Android malware analyst at Kaspersky. The latest version of Ginp with features that are still inactive was detected this month, showing that its developers keep improving their product. The threat actor can easily grab the two-factor authentication codes some banks send out to prevent fraudulent logins.
Source: https://www.bleepingcomputer.com/news/security/ginp-android-banker-sets-as-default-sms-app-steals-all-text/