A sophisticated Android Trojan has been discovered that masquerades as trusted apps like news readers or digital ID applications. Once installed, it quietly operates in the background, stealing sensitive information such as login credentials and financial data. The malware exploits Android's Accessibility Services and overlay features to gain control over the device and capture user inputs. It targets banking and cryptocurrency apps, primarily in Southeast Asia, by overlaying fake login screens to steal credentials. The Trojan also connects to a remote command center, allowing attackers to update its functionality and erase traces of its activity. This threat emphasizes the growing need for robust mobile security measures.