I work at Grab (SEA rideshare and licensed bank, but not licensed in VN).

A significant amount of fraud comes from scammers convincing victims to installed malicious apps. They fake being a customer service provider.

Banks don't want their customer's to lose their money and they don't have the tools to protect them from themselves. For all the privacy reasons, app stores don't even banks enough tools to identify and block this fraud.

Tricking someone into installing a malicious app usually doesn't involve them having a third-party or modified operating system on their phone. I'm asking about that because I believe it's a hypothetical risk rather than a problem in practice and I'm curious about any evidence to the contrary.