This article is an excellent description of "Banker", an Android app designed to use very straightforward and efficient ways to steal all sorts of credentials.
It also explains why Google protected several features behind additional permissions in Marshmallow:
– Draw over other apps:
Malware can overlay anything it wants on screen, including a transparent window that is invisible but intercepts every touch event, which lets it guess everything you touch and type.
This now needs to be activated from the Apps "Configure Apps" settings.
– Apps with usage access:
Malware runs a background service that checks, about every second, which application activity is shown in front of the user, and then launches an activity or starts an overlay imitating a legitimate credential, banking, or credit card information request dialog.
This now needs to be activated from the Security settings.
Discussion on Hacker News: https://news.ycombinator.com/item?id=10619675
Android malware drops Banker from PNG file
Nowadays malware is trying to hide wherever possible to get under the radar of anti-virus companies. Lately I found a Trojan dropper carrying a malicious payload, encoded by base64, embedded inside an image file. It’s nothi…
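
The dropper in the linked article carries a base64-encoded payload inside an image file. As an added triage example (not code from the article or from this post), the Python below scans a file for long base64 runs that decode to APK/ZIP or DEX magic bytes and reports whether each run sits after the PNG IEND chunk. The excerpt does not say where in the image the payload is stored, so the whole file is scanned; the function names and the sample bytes are constructed for illustration.

```python
import base64
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Magic bytes of what an Android dropper would unpack: ZIP/APK archive or DEX file.
MAGICS = {b"PK\x03\x04": "zip/apk", b"dex\n": "dex"}
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")  # long run of base64 alphabet


def png_end(data):
    """Offset just past the IEND chunk, or None if data is not a complete PNG."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
        if ctype == b"IEND":
            return pos if pos <= len(data) else None
    return None


def find_encoded_payloads(data):
    """Return (offset, kind, after_iend) per base64 run that decodes to APK/DEX."""
    end, hits = png_end(data), []
    for m in B64_RUN.finditer(data):
        for shift in range(4):  # run may start mid-quantum; try each alignment
            part = m.group()[shift:]
            decoded = base64.b64decode(part[:len(part) // 4 * 4])
            kind = next((k for mg, k in MAGICS.items() if mg in decoded), None)
            if kind:
                hits.append((m.start(), kind, end is not None and m.start() >= end))
                break
    return hits


def png_chunk(ctype, body):  # sample-building helper: one chunk with a valid CRC
    crc = struct.pack(">I", zlib.crc32(ctype + body))
    return struct.pack(">I", len(body)) + ctype + body + crc


# Constructed sample: a 1x1 grayscale PNG, then a fake "APK" appended as base64.
CLEAN_PNG = (PNG_SIG + png_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
             + png_chunk(b"IDAT", zlib.compress(b"\x00\x00")) + png_chunk(b"IEND", b""))
SAMPLE = CLEAN_PNG + base64.b64encode(b"PK\x03\x04" + b"constructed-bytes" * 8)

print(find_encoded_payloads(CLEAN_PNG), find_encoded_payloads(SAMPLE))
```

A hit is a reason to extract and inspect the decoded bytes, not a verdict: any asset in an APK that decodes to an archive or DEX header deserves a closer look.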