This is a scary malware, how can we contract this malware though? Because it's not said or is vague, it's a big help if we know how our devices get infected by this malware, hopefully everyone will stay safe, this is a scary one as it can bypass 2FA.
Fake apps in GS, apk downloaded from weird websites, that's the usual way to get it.
Don't download anything fishy, don't trust any website repository because even if they are legit they might be themselves hacked and are distributing malware, don't run any updated that pop in your browser, don't run any auto-downloaded stuff.
And of course, don't open random attachments from strangers.
Also, normally it would be better to not have the 2FA on the same smartphone you use for daily routine, or not install sensitive apps on it, carrying a wallet app with a few thousand around is dangerous even for real-life situations, not just malware attacks.