According to post on the Symantec blog, a new phishing campaign targeting Android users in Russia threatens to steal the mobile banking credentials of mobile banking users.

The payload is in a game that users download instead of a banking app. The malware has been dubbed Android.Fakelogin.

Satnam Narang, senior security response manager at Symantec, said the app searches for banking apps that may be running on the users' device, then creates an over page to disguise as that app.

Once installed, the malware poses as a replacement for the default SMS app and tries to register itself as the device administrator

Fortunately the app is not in the Google Play store. Again warning users to only download apps from a trusted source.

Security firms recommend the following measures to allow users to protect their devices against this threat:
•Install Android 6.0 Marshmallow once it’s made available to the device, as it blocks Android.Fakelogin’s functionalities.
•Use a comprehensive security solution to protect against mobile threats
•Keep software up to date
•Only install apps from trusted sources
•Pay close attention to the permissions requested by an app.

Source: Symantec