A new Android banking trojan can stay connected with its command & control servers, even after infected devices have gone dormant. AndroidFakebank.B disguises itself as a legitimate app for instance, the Chrome browser to trick a user into granting them the necessary permission. The malwares main functionality is to check to see if any of the following banking applications are installed on the infected device. If the trojan finds one of those apps, it will delete it and ask the user to install a malicious copy.”]
Source: https://grahamcluley.com/android-banking-malware-remains-active-infected-devices-sleep-save-power/