Wednesday, 09 July 2025

Oscorp trojan uses Android Accessibility to spy and steal passwords

The new Android malware tries to force the victim to enable the Accessibility Service in order to gain access to information displayed on the screen. The additional privileges also allow it to record audio and video.

Experts named the new malware Oscorp. They found that the malicious APK file is distributed from the supportoapp[.]com domain under the guise of a security program.

Once installed, the malware requests permission to access Accessibility services and application usage statistics. If the user refuses, the malware reopens the settings menu, and keeps doing so every eight seconds until it receives the desired privileges.

Once installed on the system, Oscorp collects information about its environment (installed applications, device model, mobile operator, etc.) and connects to the C2 server to receive additional commands.

The analysis showed that the new trojan can log keystrokes, initiate phone calls and send SMS, uninstall applications, record audio and video through WebRTC, and steal text messages and 2FA codes from Google Authenticator. The malware can also overlay a phishing screen on top of the windows of some applications and intercept data entered into the fake form. Oscorp sends all collected information to its command server.
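A defensive check for the permission pair described above, as an added example that is not part of the original article: it parses the value of Android's `enabled_accessibility_services` secure setting and flags any non-allowlisted package that also holds usage-statistics access. The allowlist, the `com.example.*` package names and the usage-access set are constructed sample data; how the usage-access list is collected from the device is left to the reader.

```python
# Added example: audit apps that hold an enabled Accessibility service.
# Input: the value of the secure setting "enabled_accessibility_services",
# a colon-separated list of "package/ServiceClass" component names.

# Constructed allowlist of packages expected to run accessibility services.
TRUSTED_PACKAGES = {"com.google.android.marvin.talkback"}

def parse_enabled_services(setting_value):
    """Return [(package, service_class), ...] from the setting string."""
    value = (setting_value or "").strip()
    if value in ("", "null"):          # setting unset or empty
        return []
    services = []
    for component in value.split(":"):
        component = component.strip()
        if not component:
            continue
        package, _, cls = component.partition("/")
        if cls.startswith("."):        # short form: ".Cls" means "<package>.Cls"
            cls = package + cls
        services.append((package, cls))
    return services

def audit(setting_value, usage_access_packages, trusted=TRUSTED_PACKAGES):
    """Flag untrusted accessibility services; rank those with usage access first."""
    findings = []
    for package, cls in parse_enabled_services(setting_value):
        if package in trusted:
            continue
        has_usage = package in usage_access_packages
        findings.append({
            "package": package,
            "service": cls,
            "usage_access": has_usage,
            # Both privileges together match the combination the article describes.
            "severity": "high" if has_usage else "review",
        })
    return sorted(findings, key=lambda f: (f["severity"] != "high", f["package"]))

# Constructed sample data (not taken from a real device or from the malware).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.protection/.GuardService:"
    "com.example.reader/com.example.reader.ScreenReader"
)
SAMPLE_USAGE_ACCESS = {"com.example.protection", "com.android.settings"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_USAGE_ACCESS):
        print(finding["severity"], finding["package"], finding["service"])
```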

Source: anti-malware.ru

01 February 2021
