Project Phoenix
In late 2021, hackers began making a fake app that imitates Maid4U, a real website, to steal people's account information. The fake Android apps linked to the purchase buttons are hosted on the attacker's servers. At this stage, a victim can avoid infection if they have chosen not to enable "Install unknown apps" -- a default security mechanism for Android handsets -- but if they install the software, they are shown different 'payment' options through the apps.
While two 'options' are displayed -- a credit card payment or a direct bank transfer -- the first option doesn't work. Left with bank transfers, victims are presented with a fake payment page that lists eight Malaysian banks: Maybank, Affin Bank, Public Bank Berhad, CIMB Bank, BSN, RHB, Bank Islam Malaysia, and Hong Leong Bank.
When users enter their bank credentials, the credentials are sent to the attacker's command-and-control (C2) server. The victim is then shown an error message.
"To make sure the threat actors can get into their victims' bank accounts, the fake e-shop applications also forward all SMS messages received by the victim to the operators in case they contain two-factor authentication (2FA) codes sent by the bank." The result is that shoppers who trust the app get caught in a bad situation where their money is taken from their bank accounts.
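The two traits described above, an app installed from outside the store and able to read incoming SMS while having network access, can be checked across a device fleet. The following is an added example, not code from the original article: the inventory format, the package names and the three verdict levels are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

PLAY_STORE = "com.android.vending"   # Google Play's installer package
SMS_READ = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
INTERNET = "android.permission.INTERNET"

@dataclass
class App:
    package: str
    installer: Optional[str]          # None when no installer was recorded
    granted: set = field(default_factory=set)
    system: bool = False              # preinstalled apps are out of scope

def assess(app, trusted=frozenset({PLAY_STORE})):
    """Classify one app as 'high', 'review' or 'ok' (assumed levels)."""
    if app.system:
        return "ok"
    # Anything not installed by a trusted store counts as sideloaded.
    sideloaded = app.installer not in trusted
    can_read_sms = bool(app.granted & SMS_READ)
    can_send_out = INTERNET in app.granted
    # Sideloaded + reads incoming SMS + network access: the combination
    # that lets an app forward bank 2FA codes off the device.
    if sideloaded and can_read_sms and can_send_out:
        return "high"
    return "review" if sideloaded else "ok"

def triage(apps, trusted=frozenset({PLAY_STORE})):
    """Return (verdict, package) pairs for every app that is not 'ok'."""
    rank = {"high": 0, "review": 1}
    hits = [(assess(a, trusted), a.package) for a in apps]
    hits = [h for h in hits if h[0] != "ok"]
    return sorted(hits, key=lambda h: (rank[h[0]], h[1]))

# Constructed sample inventory; every package name here is hypothetical.
INVENTORY = [
    App("com.example.cleaningshop", None, {INTERNET, "android.permission.RECEIVE_SMS"}),
    App("com.example.messenger", PLAY_STORE, {INTERNET} | SMS_READ),
    App("com.example.inhouse.timesheet", "com.example.mdm", {INTERNET}),
    App("com.android.phone", None, {INTERNET} | SMS_READ, system=True),
]

if __name__ == "__main__":
    for verdict, package in triage(INVENTORY):
        print(f"{verdict:6} {package}")
```

Passing an organisation's own distribution channel in `trusted` keeps in-house apps out of the review list.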
This is exactly why I shop on well-known websites and not random ones, especially ones without written reviews.