Palo Alto Unit 42 reports newly identified Android applications being actively used to perpetrate financial fraud against Chinese users. The fraud actor - which remains to be identified - impersonates law enforcement officials claiming - ironically - that the target is in fact a victim of financial and, in order to enable law enforcement to provide protection, the victim needs to install an actor-provided application named "安全防" ("Security Protection").
This method enables to bypass both Google Play checks - as the application comes directly from the actor - and Android protection mechanism - as the user directly installs the APK on the device.
The pretext is that law enforcement needs access to the victim's account to review transactions for clues of fraud but, in fact, what the fraudsters do is to perform unauthorized transactions.
The malicious APK requires access to SMS and phone calls in order to prevent the victim from receiving alerts of the fraudulent activity.