Hackers are deploying fake Google Play pages to distribute Android malware in Brazil, transforming smartphones into crypto mining devices using XMRig. The malware also installs banking Trojans, with some variants specifically targeting Binance and Trust Wallet. These variants replace wallet addresses during USDT transfers, enabling remote control and data theft from affected devices.