Attacks involved the utilization of a fraudulent Google Chrome app, which when installed triggers a prompt for updating Google Play Services and eventually downloads TrickMo as "Google Services" before seeking the approval of accessibility permissions.
Article Link: Updated TrickMo Android trojan emerges | SC Media