Albiriox, a new Android malware, is targeting over 400 banking and fintech apps to facilitate on-device fraud through remote access. This malware-as-a-service uses screen manipulation to steal credentials and intercept two-factor codes.
Distribution and Capabilities
Albiriox spreads via fake apps and dropper APKs, abusing Android's accessibility services to gain control. It executes commands such as swipes and touches, and displays overlays that mimic login screens. Its technical arsenal includes a remote access trojan (RAT) with integrated virtual network computing (VNC) for live screen streaming.
- Users are infected via disguised apps
- Secondary control is provided by the RAT and VNC
- Telegram bots are used for data exfiltration
Pricing and Origins
Available on underground forums, Albiriox's subscription starts at $720/month. It's linked to Russian-speaking developers, with evidence originating in Austria. Reports show activity on underground channels.
Impact and Security Measures
This malware can approve payments and access sensitive data, challenging user and institutional security measures. Enhanced behavioral analytics and mobile security solutions are recommended to mitigate risks.
Experts advise users to avoid sideloading apps and to scrutinize permission requests, especially requests for accessibility access. Two-factor authentication and regular device updates are critical defenses.
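One way to act on the advice about accessibility access, as an added example that is not part of the original report: the Python below cross-checks a device's enabled accessibility services against each package's installer, using text collected with `adb shell settings get secure enabled_accessibility_services`, `adb shell pm list packages -i` and `adb shell pm list packages -s`. The package names in the sample data are constructed, and treating only Google Play as a trusted installer is an assumption to adjust.

```python
import re

# Assumption: only Google Play counts as a trusted installer; adjust per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_enabled_services(setting_value):
    """Split `settings get secure enabled_accessibility_services` output."""
    value = setting_value.strip()
    if not value or value == "null":  # "null" means nothing is enabled
        return []
    pairs = (c.partition("/") for c in value.split(":") if c)
    return [(pkg, cls) for pkg, _, cls in pairs]

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` output."""
    rows = re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M)
    return {pkg: (None if inst == "null" else inst) for pkg, inst in rows}

def parse_packages(pm_output):
    """Set of package names from `pm list packages -s` (system apps)."""
    return set(re.findall(r"^package:(\S+)", pm_output, re.M))

def flag_services(setting_value, installer_output, system_output):
    """Return enabled accessibility services from non-system packages
    whose installer is missing or not in TRUSTED_INSTALLERS."""
    installers = parse_installers(installer_output)
    system = parse_packages(system_output)
    flagged = []
    for pkg, cls in parse_enabled_services(setting_value):
        installer = installers.get(pkg)
        if pkg not in system and installer not in TRUSTED_INSTALLERS:
            flagged.append((pkg, cls, installer))
    return flagged

# Constructed sample output (not from a real device).
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.passwords/.AutofillA11yService:"
                  "com.example.updater/.core.AssistService")
SAMPLE_INSTALLERS = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.passwords  installer=com.android.vending
package:com.example.updater  installer=null
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"

if __name__ == "__main__":
    for pkg, cls, installer in flag_services(
            SAMPLE_SETTING, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"REVIEW {pkg}/{cls} installer={installer}")
```

A flagged entry is a prompt for review, not proof of infection: some legitimate tools are installed outside the store.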



