Malware that combines info/data-stealing and phishing capabilities lurked in Google Play using the guise of legitimate-looking apps. One of them was installed at least 100,000 times, with two exceptions:- Win7Launcher, Win7imulator, FlashLight, and Flappy Birr Dog. Researchers from Trend Micro identified the command and control servers (C2) where Mobstspy sends all the information: mobistartappapp.com, coderoute[.]ma, hizaxytv[.]com, and seepano.com. Researchers say the malicious apps were available for download in 2018 and Google suspended five of them in February last year.
Source: https://www.bleepingcomputer.com/news/security/new-android-malware-combines-info-stealing-and-phishing-features/