More than half of the Android mobile phones in use are susceptible to an advanced text-based phishing attack that only requires a cybercriminal make a $10 investment.
Check Point researchers found malicious actors using a remote agent to trick phone owners into accepting new phone settings that hand over various levels of control to the attacker. The attack vector is through a process called over-the-air (OTA) provisioning which is used by carriers to deploy network-specific settings to new phones coming onto their network.
Source: SC Magazine