Hackers spread malicious apps through fake Google Play pages, causing large-scale infections of Android devices in Brazil. After download, the phone is turned into a cryptocurrency mining device (for example, by running XMRig), and some versions also embed a banking trojan that intercepts USDT transfers in apps such as Binance and Trust Wallet and replaces the recipient address. The malware has strong concealment capabilities: it dynamically controls its mining behavior based on battery level and temperature, and it controls devices remotely through legitimate services such as Firebase. It also supports functions such as audio recording, screenshots, and keystroke logging. (Cryptopolitan)