So this is basically the same as the known autofill issues but the attack is served from a malicious app?

So disable autofill is still best practice mitigation.