A new Android malware allows cybercriminals to completely control infected devices.

It’s already targeting hundreds of finance and crypto apps worldwide.
Over 400 applications worldwide are currently under attack.
Hacker forums are boasting about the malware's VNC module. This tool takes advantage of Android's accessibility features, enabling remote control of devices by attackers.
Albiriox operates as a Malware-as-a-Service (MaaS). This means subscribers can distribute it as they see fit. Subscriptions begin at $650 monthly, offering criminals a ready-made solution without needing to develop their own malware.
Typical strategies involve deceptive applications and social engineering, such as SMS phishing or links that mimic reputable brands or app stores. One campaign deceived Austrian users using a bogus "Penny Market" application resembling a Google Play page, which installed a malicious program when clicked.
One of the initial targets of this new malware was the application of a prominent German discount supermarket chain.
To stay secure on Android, do not rely solely on Google Play Protect, even though it provides default protection against known malware on devices using Google Play Services. Attackers consistently spread fraudulent applications via SMS and other social engineering methods, so caution is crucial.
Albiriox is a sophisticated tool with capabilities that allow hackers to manage your device as if it were in their possession. Attackers can use live remote control and on-device fraud tools to access banking or cryptocurrency applications, initiate transfers, and approve them using your session.
Additionally, "Black-screen masking" conceals all activity behind a fake or black screen while the malware operates discreetly. Accessibility abuse automates actions, reads on-screen content, and bypasses security prompts.
If you find an application on your device with a vague name (like "security," "investment," or "utility") that you don't recall installing, immediately perform a thorough scan using a reliable Android anti-malware application.
A more proactive approach involves preventing these suspicious applications from appearing in the first place. Use official app stores and be wary of links received via texts, emails, or messaging applications, as these are common avenues for distributing questionable apps.
When dealing with finance or shopping applications, confirm the developer's identity, verify the download count, and review user feedback instead of blindly clicking promotional links.
It is also important to keep your Android system, Google Play services, and all banking and cryptocurrency applications up to date, as each update includes new security enhancements. Pay close attention to permissions, and consider whether an application truly needs access to your camera, SMS, or accessibility features to function as intended.
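One way to carry out the accessibility check above on a device you own, as an added example that is not part of the original article: it parses the output of two standard adb commands and lists user-installed apps that hold an enabled accessibility service but were not installed by Google Play. The package names and sample output are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.utility/.HelperService"
)

# Constructed sample of: adb shell pm list packages -3 -i  (-3 = user-installed only)
SAMPLE_LISTING = """\
package:com.example.utility  installer=null
package:com.example.bank  installer=com.android.vending
package:com.google.android.marvin.talkback  installer=com.android.vending
"""

def parse_accessibility(setting):
    """Return package names that have an enabled accessibility service."""
    pkgs = set()
    for component in setting.strip().split(":"):
        if "/" in component:  # entries look like package/service.Class
            pkgs.add(component.split("/", 1)[0])
    return pkgs  # an empty setting prints "null", which yields an empty set

def parse_installers(listing):
    """Map each listed package to the installer that put it on the device."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def flag_risky(setting, listing, trusted=(PLAY_STORE,)):
    """List (package, installer) pairs worth a manual review."""
    installers = parse_installers(listing)
    risky = []
    for pkg in sorted(parse_accessibility(setting)):
        source = installers.get(pkg)  # None: preinstalled system app, skipped
        if source is not None and source not in trusted:
            risky.append((pkg, source))
    return risky

if __name__ == "__main__":
    for pkg, source in flag_risky(SAMPLE_A11Y, SAMPLE_LISTING):
        print(f"review: {pkg} has accessibility access, installer={source}")
```

An app flagged here is not necessarily malicious, but a sideloaded app with accessibility access matches the pattern the article describes and deserves a closer look.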
Enable multi-factor authentication; using app-based or hardware-based codes instead of SMS for banking and cryptocurrency accounts adds an important layer of protection.
Adopting these practices will enhance the safety of your Android device and help keep malicious applications and potential security risks at bay.