Malware always needs an angle to get you to click, and few things capture the spirit of the day like Pokémon Go.
Information theft is the tip of the malware iceberg, and inconvenient as it might be, the bigger issue is that those who have the ability to steal information, also have the ability to search and destroy. In the same way that someone who has gained anonymous access to a network can exfiltrate data, that same access level provides the ability to disable a system.
That coincided with the first true malware, programs with actual malicious intent. That was concurrent with personal computers and the Internet becoming a part of the everyday lives of ordinary people.
The best defense against such an attack is a properly implemented privileged identity management solution that can randomize the passwords on a continuous basis, and provide time-limited access to sensitive credentials. Using a workflow approvals mechanism prior to granting access to sensitive systems further reduces the value of these malware solutions to cybercriminals.