Malicious apps on Android handsets can "pop up" over a legitimate app and steal users' credentials by exploiting a security flaw discovered independently by two research teams.

"In a case of great hackers thinking alike," the two teams demonstrated how the lookalike apps can "mimic" legitimate apps to steal personal information or display ads, Andy Greenberg reported on Forbes' The Firewall blog Monday.

The teams demonstrated their discoveries at hacking conventions in Las Vegas. They also demonstrated how security flaws in app encryption could be used to hijack apps' functions over the Internet.