An Android Remote Access Trojan masquerades as a legitimate Anti-Virus application that transmits via phishing email messages.
Named SandroRAT, The malware targets users’ mailbox, and transmits via a an email message which states that users’ (particular) bank is providing a free mobile security application to detect malware that steals SMS codes for authorizing electronic transactions.
This email message is transmitted to users’ mailbox, with the subject “Caution! Detected Malware on your phone!”, which seemingly tricks mobile users into opening and downloading the rogue attachment. However, the attachment is in fact a variant of the SandroRAT malware that steals users’ confidential data, and transmits stolen data to cyber criminals.