UK bank users are now in the crosshairs of the Marcher malware.
The success of ransomware means more and more cybercriminals are attempting to get in on the action.
At first, the malware was used to steal credit card information by overlaying a fake screen when users accessed the Google Play app store, which would then request users' credit card number, expiration date, and CVV2 code.
"If the user clicks the link, it starts a three stepped process, deceives the user into enabling installation from unknown sources outside Google Play and then downloads the malicious app," Check Point said.
Once a device is infected with Marcher, the cybercriminals controlling it will send encourage users to log into their banking apps and thus hand over their details to the fraudsters by sending them an SMS message claiming that money has been deposited in their account.
On top of launching screens on app windows, Marcher also targets bank websites, going into action when victims use their browser to visit a set of predefined sites.