Hackers have wormed their way into the Google Play Store, as evidenced by the recent BankBot malware trickery. Simple dummy apps doubled as Trojan horses, and once an unsuspecting user downloaded these flashlight or solitaire apps, they also downloaded and installed the malware onto their device. Then, when they would try to open their banking app, the malware would actually pose as the banking app by creating a fake overlay over the real banking app and trick the user into entering their banking details. The kicker here was that the dummy apps actually worked! Your new flashlight app was a flashlight . . . until it started wreaking havoc on your day and your bank account.
Read more here:: Avast