CVE-2018-17401
PhonePe wallet (com.PhonePe.app) versions 3.0.6–3.3.26 are reported vulnerable to an Account Takeover via the Forgot Password flow. Exploitation requires the user to install a malicious app and grant accessibility permission, leveraging Android warnings to bypass user oversight. Impact is describ...