I have no idea how I got an infostealer/session hijacker on my phone
It was a few weeks ago at this point, but there was definitely an infostealer or session jacker on my phone. My Microsoft account repeatedly had its password changed, bypassing the 2FA I had setup. My Facebook password changed as well. They had some sort of screen monitor software because my bank's username and password were changed from random strings of letters and numbers to something generic. I never had that username/password in a password saver or anything like that. I froze my bank account, got a new one and attached it to a new email. I was in the process of getting a new phone anyway so I used that to force logout of all Microsoft logins.
The thing is I have no idea how. Ive never downloaded anything shady. The only apps I had are "official" ones from the official store like my bank app, eBay and my Gym's app. I dont pirate anything, Ive never done a command "captcha" and I dont click on email links. Maybe they got my Outlook password?