The payload allows screenshot capture, data and configuration exfiltration, remote code execution and file downloading.

The apps steal Poloniex login credentials, and trick victims into making their Gmail accounts accessible.

New campaign focused on stealing ICS and SCADA data