“That’s not possible,” she whispered. Her phone hadn’t left her pocket. Her passwords were strong. Two-factor authentication was on.

The hack wasn’t sophisticated. It was lazy, almost bored. It bypassed nothing—it just waited. When Layla logged into her banking app over public Wi-Fi at the coffee shop, Jwjl scooped the session token like a child stealing a cookie.

Yet somewhere in the silent logic of the device, a door had been left open. She’d downloaded a “network optimizer” last week from a pop-up ad—something called Jwjl Boost. It had requested no permissions, shown no ads, done nothing visible. But under the hood, on the Exynos chipset of her A13 5G, a tiny thread of code had been whispering to a remote server.

Layla never thought much about her old Samsung Galaxy A13 5G. It was reliable, unremarkable—a workhorse with a plastic back and a screen she’d cracked twice. But tonight, as she scrolled through her bank notifications, her blood ran cold.