CVE-2018-17402

Name of the Vulnerable Software and Affected Versions PhonePe wallet (aka com.PhonePe.app) versions 3.0.6 through 3.3.26

Description The issue might allow attackers to discover sensitive information, including Credit/Debit card numbers, expiration dates, and CVV numbers. To exploit this, a user must explicitly install a malicious app and provide accessibility permission to the malicious app. The Android platform provides warnings to users before enabling accessibility for any application. This is similar to the risks associated with installing malicious keyboards or apps that take screenshots.

Recommendations For versions 3.0.6 through 3.3.26, consider uninstalling the app or restricting its accessibility permissions until a fix is available. As a temporary workaround, avoid installing unknown or untrusted apps, and be cautious when providing accessibility permissions to any application.