And it looks like Google software.
A new Android app will have the power to steal your bank details, destroy your privacy and take control of your phone, according to security firm FireEye.
The malware is believed to be an early example of a bank hijacking framework, and appears as an icon named Google Services in order to deceive users.
FireEye threat researchers, Jinjian Zhai and Jimmy Su, said: "We suspect in the near future there will be a batch of bank hijacking malware once the framework is completed.
"Right now, eight Korean banks are recognized by the attacker, yet the hacker can quickly expand to new banks with just 30 minutes of work."
Once installed the malware asks users for admin privileges, after which it uploads the user's phone number and contacts list to a server the hacker controls, and scans for banking apps.
Bank app antivirus is disabled before the software is replaced via the command and control (C&C) server, under the guise of a legitimate update.
"So far the part after the installation of the fake app is not finished yet. We believe the hacker is having some problems finishing the function temporarily," the researchers added.
"Given the unique nature of how this app works, including its ability to pull down multiple levels of personal information and impersonate banking apps, a more robust mobile banking threat could be on the horizon."
Source: Company Press Release