Oscorp, Android malware that steals cryptocurrencies

CERT-AGID experts have identified new Android malware, hidden inside an APK file, that allows attackers to perform a series of actions, including the theft of cryptocurrencies. VirusTotal identifies it as a generic Android / Banker, so a more original name was chosen: Oscorp, after the multinational led by Norman Osborn (Green Goblin), one of Spider-Man's enemies.

Oscorp: Android malware threat

The malware is hidden in the Customer Care.apk file of the Customer Protection app published on a website. When the user installs the app, they are asked to activate the accessibility services, which the malware exploits to obtain a series of permissions and thereby perform various functions, including that of a keylogger.

Other malicious activities are reading and sending SMS, recording audio and deleting the apps on the smartphone. The malware can also make a call, steal Google's two-factor authentication PIN and steal Bitcoins. The theft of cryptocurrencies is performed by changing the wallet address for payments made with the Blockchain.com Wallet app.

Oscorp also tries to prevent its detection by blocking the most well-known antiviruses, including ESET, Avira and Avast. The malware also collects various information, such as the apps installed, the smartphone model and the name of the telephone operator.

Oscorp can also record the screen and display a screen that imitates official ones, into which the user enters login credentials. To avoid falling into the trap, it's best to turn off accessibility services if you don't need them. Apps should also be downloaded only from the Google Play Store and not via APK files distributed by untrustworthy sites.
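
Both precautions above can be checked on a device over adb. The script below is an added example, not part of the CERT-AGID report: it lists enabled accessibility services whose package was not installed by the Play Store. The function names, the `ALLOWLIST` variable and the sample package names are assumptions made for illustration, not Oscorp indicators.

```shell
#!/bin/sh
# Added example (not from CERT-AGID): list enabled accessibility services
# whose package was not installed by the Play Store.
# On a real device the two inputs come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# Preinstalled system apps can also report installer=null; put the ones you
# trust in ALLOWLIST (space-separated package names, hypothetical variable).
PLAY_STORE="com.android.vending"
ALLOWLIST="${ALLOWLIST:-}"

# installer_of PACKAGE PM_OUTPUT: print the recorded installer, or "unknown".
installer_of() {
    printf '%s\n' "$2" | awk -v want="package:$1" '
        { sub(/\r$/, "") }                 # adb output may end in CRLF
        $1 == want {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { print substr($i, 11); found = 1; exit }
        }
        END { if (!found) print "unknown" }'
}

# audit_a11y SERVICES PM_OUTPUT: print "component installer=X" per finding.
# SERVICES is the colon-separated list of package/class components.
audit_a11y() {
    if [ -z "$1" ] || [ "$1" = "null" ]; then return 0; fi
    printf '%s\n' "$1" | tr -d '\r' | tr ':' '\n' | while IFS= read -r comp; do
        [ -n "$comp" ] || continue
        pkg=${comp%%/*}
        case " $ALLOWLIST " in *" $pkg "*) continue ;; esac
        inst=$(installer_of "$pkg" "$2")
        if [ "$inst" != "$PLAY_STORE" ]; then
            printf '%s installer=%s\n' "$comp" "$inst"
        fi
    done
}

# Constructed sample data (hypothetical package names, not Oscorp indicators).
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.customercare/.HelperService'
SAMPLE_PM='package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.customercare  installer=null
package:com.example.notes  installer=com.android.vending'

audit_a11y "$SAMPLE_SERVICES" "$SAMPLE_PM"
```

Any service the script reports should be reviewed and, if not needed, disabled in the device's accessibility settings.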

Source: CERT-AGID