A new vulnerability in the multitasking feature of Android can be exploited by a malicious app to masquerade as any other app on the device. The vulnerability resides in a multitasking function that can be used to hijack the task of any app installed on a device. By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users’ credentials using fake login screens. At least 36 malicious apps have been identified in the wild that are exploiting the vulnerability.
Source: https://thehackernews.com/2019/12/strandhogg-android-vulnerability.html