Attackers infected more than 75% of a multinational conglomerate’s managed Android devices with the Cerberus banking trojan using the company s compromised Mobile Device Manager (MDM) server. MDM is a mechanism used by companies of all sizes to enroll enterprise-owned devices with same management server to make it easier to perform tasks such as delivering company-wide device configurations, deploying applications, and more. Once deployed onto an Android device, Cerberus can be used by the attackers to steal a wide range of highly sensitive information including but not limited to call logs, text messages, credentials, Google Authenticator 2FA codes, phone unlocking patterns, and log keystrokes.
Source: https://www.bleepingcomputer.com/news/security/hackers-breach-company-s-mdm-server-to-spread-android-malware/