CVE-2018-17400
The PhonePe wallet (com.PhonePe.app) for Android versions 3.0.6–3.3.26 is documented to support potential Account Takeover via interception of the user name and PIN during initial configuration. Exploitation requires the user to install a malicious app and grant it accessibility permission; the A...