The iBanking application is able to spy on phone calls and SMSes on Android phones and tricks users into installing a fake Facebook application.
Once installed, it demands a phone number so that hackers can take over a user's bank account.
"This bot is extremely invasive; hackers are able to listen to calls being made, intercept SMS messages and even listen to your private conversations. Of course, if they have this much power over your phone, they can most certainly break into any online banking," warned Lee Bristow, security consultant at ESET Southern Africa.
The company specialises in security solutions with a focus on antivirus software. The firm is based in Bratislava, Slovakia.
Warning signs
Some of the warning signs include the fact that the application is hosted on a third party site and is riddled with spelling and grammar errors.
According to research from mobile industry tracker Gartner, Android powers around 80% of smartphones globally, which makes it an ideal target for criminals.
As many new users come online with Android devices - especially those who have skipped PCs - hackers are likely to exploit them in order to steal personal data that could be used in criminal endeavours.
Android users should note that it is generally safer to install apps only from the official Google Play Store.
The iBanking app represents a new level of sophistication in attempts to steal user account information, said ESET.
"iBanking is an application that showcases complex features when compared with other earlier mobile banking malware. It can be used in conjunction with any malware able to inject code into a webpage and is generally used to redirect incoming SMS messages to bypass two-factor authentication."