It is very scary if we become victims of this Malware. It is said that the Malware asks for access to be enabled and once given permission it will be able to monitor and control our devices by targeting existing applications to steal. Therefore I think we need to be aware to be careful about giving any access to our devices, and besides that I think there needs to be additional security for our devices by installing several antivirus applications that are certainly trusted and really often update against threats, so that it can prevent us from unwanted attacks.
That's a pattern malware can infiltrate devices, sometimes we do give them permission from our end.
Malware disasters are not something new for anyone who has been prioritizing security and privacy when dealing with sites and applications signed into.
Having antivirus will not save you from all attacks, i prefer just being conscious of what i browse, unsolicited patch files that come through my emails or SMS, i have received a few some time ago but i don't allow my inquisitiveness drive me towards downloading and opening such messages.
These viruses, malware, and trojans are evolving day by day. So having an antivirus won't be enough. Not to mention several antivirus companies like Avast, McAfee, and Kaspersky have faced many controversies in the past. So I wouldn't trust them to be 100% reliable! Who knows, they might be selling my personal data behind my back! Anyway, like you said, being self conscious should be the first approach, to make oneself aware of "do's" and "don'ts."
Lastly, no matter what we do or how many security procedures we follow, at the end of the day, one mistake and everything could be gone. So it's better to just store your private and financial information on a separate device without an internet connection. Because as long as you're connected to the internet, you are vulnerable to attack. I'm telling this from experience (two times ransomware attacks and one time clipboard virus attack victim, lol). P.s, nothing was lost.