Makes use of the framework's Accessibility service

Retrieves information displayed on the phone screen using AccessibilityService.

Queries a list of all the installed applications on the device (Might be used in an attempt to overlay legitimate apps)

Acquires the wake lock

Legitimate hosting services abused for malware hosting/C2

Makes use of the framework's foreground persistence service

Application may abuse the framework's foreground service to continue running in the foreground.

Requests enabling of the accessibility settings.