A new Android app has been discovered that tricks unsuspecting users (even those with clean devices) into malicious versions of popular websites where they can give away their login details or, worse, their money.

The findings come courtesy of Kaspersky, which discovered that a malicious Android app containing Wroba.o/Agent.eq (aka Moqhao, XLoader) malware was being distributed.