According to recent data from ThreatFabric, malicious actors are using voice phishing (vishing) techniques to trick victims into installing Android malware on their devices. The Dutch mobile security company claimed to have discovered a phishing website network that targets Italians to use online banking to gather victims’ contact information. The social engineering technique, known as telephone-oriented attack delivery (TOAD), includes calling the victims and leveraging information already obtained from fraudulent websites. A criminal, who claims to be a bank assistance representative, asks the targeted persons to install a security program; in fact, they install malicious software designed to get remote access or commit financial fraud. In this case, it leads to the installation of Copybara, an Android virus that was originally identified in November 2021. Copybara’s RAT capabilities, like those of other Android-based malware, are supported by exploiting the accessibility services API of the operating system to capture private data and remove the downloader app to reduce its forensic footprints.