近日，江蘇徐州一名男子經歷一場令人震驚的資安事件。據媒體報導，該男子因下載一款來路不明的「免費追劇軟體」，手機在夜間處於鎖屏狀態時被偷偷植入木馬病毒，導致個人金融資訊遭竊。醒來後，他赫然發現銀行帳戶與支付寶等支付平台被異常扣款，總金額高達2.96萬元人民幣。

根據事主描述，他是在某短影音平台上看到一則「免會員、全網熱劇免費看」的廣告，便點擊連結下載該款追劇APP。當時並未經過應用商店審核，安裝時還要求開啟多項手機權限，如通訊錄、訊息、螢幕懸浮、後台存取等。為看劇順利，全數同意。未料，該應用實則暗藏惡意後門，在用戶睡覺期間悄悄啟動，並利用手機本身的驗證機制，在事主毫不知情的情況下進行一連串盜刷操作。

警方調查指出，該惡意應用具備遠端操控能力，一旦手機綁定支付寶或微信等支付工具，即可藉由虛擬點擊、驗證碼攔截甚至螢幕錄影等方式實現「無卡支付」。此外，木馬還會自動刪除短信通知與帳變訊息，使事主直到金額大規模流失後才驚覺異常。

資訊安全專家表示，類似的資安風險在近年日趨嚴重，尤其是在非官方應用來源下載APP時，極易遭遇捆綁惡意軟體或間諜程式。使用者一旦授權過多敏感權限，就等同於將手機完全交由第三方控制。

對此，警方與專家也提醒大眾，一旦發現手機出現異常反應（如過熱、突然耗電、莫名彈窗、自己操作等），應立刻切換至飛行模式或直接拔出SIM卡，防止木馬病毒持續上傳數據或進行下一步交易。此外，應立刻卸載可疑應用，並盡快聯繫銀行與支付平台掛失帳戶、修改密碼、凍結資金。

這起事件再次提醒廣大用戶，「貪小便宜」的背後往往隱藏高風險。千萬不要為免費觀影或遊戲功能，而輕易放棄對手機安全的警覺。下載應用程式應始終選擇官方商店，並定期檢查授權狀態與手機中是否存在不明來源的軟體。唯有提高防範意識，才能守護好個人的資金與資訊安全。

Recently, a man in Xuzhou, Jiangsu Province experienced a shocking cybersecurity breach. According to media reports, the incident occurred after he downloaded a suspicious “free streaming app” to watch TV shows. While his phone was locked and unattended overnight, it was secretly infected with a Trojan virus, leading to the theft of his personal financial information. By the time he woke up, he was horrified to discover unauthorized transactions from his bank account and digital payment platforms such as Alipay, totaling a staggering 29,600 RMB.

The victim recalled seeing an advertisement on a short video platform promoting “free access to trending shows without a membership.” Tempted by the offer, he clicked the link and downloaded the app, which had not been vetted by any official app store. During installation, the app requested extensive permissions—including access to contacts, messages, floating windows, and background operations—which he granted in order to watch shows smoothly. Unbeknownst to him, the app contained a hidden backdoor. While he slept, it activated silently and exploited the phone’s built-in authentication mechanisms to carry out a series of fraudulent transactions, all without his awareness.

According to police investigations, the malicious app had remote control capabilities. Once the phone was linked to payment tools like Alipay or WeChat Pay, the virus could simulate virtual clicks, intercept verification codes, and even use screen recording to perform “cardless” payments. The Trojan would also delete SMS notifications and transaction alerts automatically, delaying discovery of the theft until significant sums had already been lost.

Cybersecurity experts warn that such risks are becoming increasingly common, especially when users download apps from unofficial sources. These apps often come bundled with malicious software or spyware. When users grant excessive permissions—especially those related to security, communications, or system-level access—they are effectively handing control of their device over to an unknown third party.

In response, both police and cybersecurity professionals urge the public to take immediate action if they notice unusual phone behavior, such as overheating, rapid battery drain, unexpected pop-ups, or unexplained activity. Users should switch to airplane mode or remove the SIM card immediately to prevent further data transmission or unauthorized transactions. Suspicious apps should be uninstalled right away, and users should promptly contact their bank and payment platforms to freeze accounts, change passwords, and secure their funds.

This incident serves as a stark reminder: chasing “free” entertainment often comes at a high cost. Never sacrifice your device’s security for the sake of convenience. Always download apps from official app stores, regularly review app permissions, and check for unfamiliar or unauthorized software. Only by remaining vigilant can users protect their personal finances and data from digital threats.