: The malware usually requests a set of high‑risk permissions (e.g., READ_SMS , ACCESS_FINE_LOCATION , READ_CONTACTS , READ_PHONE_STATE ). These permissions enable it to collect data and to interact with banking apps.