Helping a mobile malware fraud victim
ID: fc4ea43d-684b-56fd-890e-415109d7fd30
STIX ID: report--fc4ea43d-684b-56fd-890e-415109d7fd30
Feed Name: Pen Test Partners Blog
An investigation into a July–August 2023 mobile fraud revealed a malicious Android app, "PDF AI: Add-On," that abused Accessibility permissions to keylog, read SMS, block user actions, and display phishing overlays (including Barclays). This enabled theft of banking credentials and ~£12,000 in fraudulent transfers, detected on August 2. The device exhibited unusual behavior consistent with compromise. While fund recovery seemed unlikely, the victim was refunded. The report concludes with practical guidance on app permissions, backups, and factory resets.
