A prolific and powerful form of Android malware has switched its attention to online banking applications, using abilities including keylogging to steal usernames and passwords for bank accounts, social media profiles and more.

Dubbed Android.Banker, the malware first appeared in May, infecting an estimated 300,000 devices and making off with a small fortune from infected users via online banking accounts and PayPal.

A new variant of the malware was spotted recently by researchers at Kaspersky Lab, who said they spotted more than 600 unique malicious applications using the same source code. The new variants include ones that steal usernames and passwords for Facebook and Gmail accounts, among others.

“The malware can easily bypass apps filtering mechanisms on phone when it comes to accessing private information stored on the device,” reads a blog post by Kaspersky Lab researchers Roman Unuchek and Riccardo Bigatti-Prados.

‍

Source: Now this password-stealing Android malware wants to grab your bank details too | ZDNET