McAfee researchers recently uncovered new Android malware that can be controlled remotely, and is designed to steal passwords from a victim's mobile device.

"The malicious application targets specific well-known financial entities posing as a Token Generator application," writes McAfee's Carlos Castillo.

"When the application executes, it shows a WebView component that displays an HTML/JavaScript web page that pretends to be a Token Generator," Castillo writes. "The web page also appears to be from the targeted bank (same variant of the malware but with different payload)."

Go to "Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.