Anyone that uses Android devices is at risk for this attack. People should ensure that when downloading apps on their mobile devices, they are doing so from authorized app stores and not unknown third-party stores. Google does a good job at identifying malicious apps and taking them down from the play store, whereas other app stores might not be as strict. Anytime someone receives an email from an unknown sender they should be cautious of any links in the email and not click on them without first verifying the sender. The lures in this case included an offer for free Netflix or Google AdWords as well as asking recipients to vote on their favorite soccer team. When using social media, people should understand that it is possible for these accounts to be taken over and if they normally do not communicate through the social media platforms with certain people, they should not open messages from them without confirming with the account owner that they meant to send the message. Companies that offer Android devices to employees should make sure the devices have security settings and controls on them to identify when malware has been downloaded and stop the download of apps from unknown sources.
More can be read here: https://www.infosecurity-magazine.com/news/new-android-trojan-hijacks-social/