Researchers recently uncovered FvncBot, an Android banking trojan disguised as a legitimate banking-security app, that abuses accessibility and VNC features to capture keystrokes, stream screens, and inject fraudulent transactions directly from compromised devices. Because the malware operates within genuine banking apps, it can bypass conventional checks and evade detection. This serves as another reminder that mobile devices used for banking demand stronger protections: minimal permissions, careful app sourcing, and real-time behavior monitoring are essential to guard against such sophisticated financial malware.
Read the full report here.