iBanking is nothing but a mobile banking Trojan app which impersonates itself as a so-called ‘Security App’ for Android devices and distributed through HTML injection attacks on banking sites. Source code has been leaked online through an underground forum that gave the opportunities to a larger number of cyber criminals to launch attacks using this kind of ready-made mobile malware. The bot allows an attacker to spoof calls to any pre-defined phone number, capture audio using the device’s microphone and steal other confidential data like call history log and the phone book contacts.
Source: https://thehackernews.com/2014/04/ibanking-android-malware-targeting.html