駭客透過偽造 Google Play 頁面散佈惡意應用，在巴西大規模感染 Android 裝置。使用者下載後，手機會被改為加密貨幣挖礦設備（例如執行 XMRig），同時部分版本還植入銀行木馬程式，在 Binance、Trust Wallet 等應用中攔截 USDT 轉帳並更換收款地址。

該惡意軟體隱蔽性極高，會依據電量、溫度等條件動態控制挖礦行為，並透過 Firebase 等正規服務遠端操控裝置，甚至支援錄音、截圖、鍵盤記錄等功能。

Hackers are spreading malicious apps by forging Google Play pages, causing large-scale infections of Android devices in Brazil.

After users download the apps, their phones are converted into cryptocurrency mining devices (such as running XMRig). Meanwhile, some versions also embed banking trojans that intercept USDT transfers in apps including Binance and Trust Wallet and replace the recipient address.

This malware features strong concealment: it dynamically controls mining activity based on battery level, temperature, and other conditions, remotely controls devices through legitimate services like Firebase, and even supports functions such as audio recording, screenshots, and keylogging.