According to experts, this malicious app is named “Todo: Day manager”. Before being removed from the Play Store, the app attracted over 1,000 downloads.
Experts believe this app contains a type of malware called Xenomorph. This malware can steal login credentials that users use for banking applications. From there, the malware quietly accesses the victim’s bank account and steals all the funds.
Notably, this type of malware can also intercept SMS messages and notify hackers of one-time passwords (OTP), bypassing even two-factor authentication. This makes it nearly impossible for users to protect their accounts from this malware.
Experts recommend that if users have already installed the “Todo: Day manager” app, they should immediately uninstall it from their smartphones to avoid having their bank accounts stolen.
According to PhoneArena, to avoid installing fraudulent applications, users should carefully read the reviews about the app before downloading, especially for developers they have never heard of before.