CVE-2018-17403

Name of the Vulnerable Software and Affected Versions PhonePe wallet (aka com.PhonePe.app) versions 3.0.6 through 3.3.26

Description The issue might allow attackers to impersonate a user and set up their account without their knowledge. To exploit this, the user has to explicitly install a malicious app and provide accessibility permission to the malicious app. The Android platform provides fair warnings to the users before turning on accessibility for any application. This is similar to installing malicious keyboards or malicious apps taking screenshots.

Recommendations For versions 3.0.6 through 3.3.26, consider uninstalling the app or restricting its accessibility permissions until a fix is available. As a temporary workaround, avoid installing malicious apps and do not provide accessibility permission to untrusted applications. Restrict access to sensitive account information to minimize the risk of exploitation.