“Ghimob” is an Android banking Trojan targeting financial apps from banks, fintech companies, exchanges, and cryptocurrencies in Brazil, Latin America, and Europe. Once infection is completed, the hacker can access the infected device remotely, completing the fraudulent transaction with the victim’s smartphone. The Trojan, once installed on the device, functions a lot similar to other mobile RATs in that it masks its presence by hiding the icon from the app drawer and abuses Android’s accessibility features to gain persistence, disable manual uninstallation.
Source: https://thehackernews.com/2020/11/watch-out-new-android-banking-trojan.html