The source code for the Android banking Trojan Exobot 2.5, also known as the Trump Edition, got on the web. Malicious programs based on this code are dangerous even for smartphones with Android Oreo.
According to the Bleeping Computer, in May 2018, an unknown person published a code on the Internet, which was later distributed through hacker forums. The first version appeared in late 2016, but in early 2018, its developers decided to sell the source.
ThreatFabric security researcher Cengiz Han Sahin analyzed Exobot. He claims that this Trojan does not need additional permissions to activate.
The interesting part here is that no Android permissions are required. All other Android banking trojans families are using the Accessibility ore Use Stats permissions to achieve the same goal and therefore require user interaction with the victim.
Cengiz Han Sahin