Android malware automatically steals recovery phrase from Trust Crypto Wallet and restricts access to victims smartphone by blocking all the actions such as removing it and protecting its cryptocurrency fonds.
This malware can steal recover phrase only from Trust Crypto Wallet however, this malicious functionality can be implemented and performed against any cryptocurrency wallet or exchange, if the seed/recovery phrase is not protected by user’s or system PIN/password or two factor authentication (2FA).
This is possible because the malware misuses Accessibility services to make clicks in context of other apps.
The malware was tested on Android 10 and it can be removed either from Safe Mode or via ADB.
To my knowledge, this malware was discovered by @alberto__segura (https://twitter.com/alberto__segura/status/1448170494210068486)