This hack still starts out with a phishing email.
My favorite quote from one of the comments:
So, the “victim” has to open an e-mail from a source they may not have contacted, use a computer that permits malware to be installed, fail to check that the URL of their bank’s purported website doesn’t resemble the normal URL, and accept a suggestion to install an Android app.
Ultimately no amount of automation will protect people who do not protect themselves. Caveat emptor still applies.