Anti-virus company ESET reported the discovery of a banking Trojan that is distributed in the official Google Play store. He was placed under "Education" under the title of DEFENSOR ID:
According to the description of the application, its goal is to enhance user safety by using end-to-end encryption. In fact it asks for some critical permission, among them — modify system settings:
ID DEFENSOR gets the opportunity to read the text that appears in any application and send it to the attackers, for example, SMS, login account cheats two-factor authentication. Thus, the malware is able to access the accounts of online banks, social networking and e-mail of the victim.
Along with DEFENSOR ID discovered another malicious application named Defensor Digital. They used the same C&C server. Currently, the program is already removed from Google Play.