#Albiriox
Android Users Face New WhatsApp Malware Threat

Cybersecurity researchers at security firm Cleafy have issued a warning regarding a high-risk malware campaign aimed at Android users via WhatsApp messages that could jeopardize users' cryptocurrency wallets and bank information. The researchers tracked the threat as Albiriox, a new emerging Android malware family being marketed as malware-as-a-service (MaaS) on underground cybercrime forums.

Modus operandi

The malware propagates through WhatsApp messages which include links to malicious websites that impersonate Google Play Store pages. Currently, they are impersonating a popular discount retail app, but this could quickly change both in terms of campaigns and targets. Rather than having the app delivered directly, victims are persuaded to submit their phone number, on the premise that an installation link will be sent to them on WhatsApp.

After users tap on and download the trojanised app, Albiriox is able to take full control of the compromised device. The malware carries out overlay attacks on more than 400 cryptocurrency wallet and banking apps, displaying fake login screens on top of the legitimate apps to capture credentials as users input them.

Albiriox is an advanced, rapidly evolving malware. The malware also features VNC-based remote access, which gives the attackers the ability to directly control the infected machines. Initially, campaigns were targeted at Austrian citizens with German-language messages, but they are now broadening their reach. The malware is obfuscated with JSONPacker and it also tricks users into allowing the "Install Unknown Apps" permission. When it is running, it contacts its command servers through unencrypted TCP and stays on the bot forever, maintaining active control through a regular series of ping-pong heartbeat messages.

Mitigation tips

Security experts emphasize that users should never agree to install apps through phone number submission on websites. Any WhatsApp messages requesting app installations should be immediately deleted without clicking links. This distribution method represents exactly why Google is strengthening measures against sideloading, requiring app developers to register and verify their identities. Cleafy highlights that Albiriox demonstrates the ongoing evolution and increasing sophistication of mobile banking threats. However, users can protect themselves effectively by following several key practices: only install apps from the official Google Play Store, ensure Play Protect is activated, and remain skeptical of any unsolicited installation requests received through messaging apps.

The campaign highlights broader security concerns affecting WhatsApp and similar platforms, particularly as attackers combine social engineering with technical malware capabilities to compromise both devices and accounts.

Android Users Face New WhatsApp Malware Threat #Albiriox #AndroidTrojan #malware

Albiriox: the Android malware that empties bank accounts
#Albiriox #Android #App #BankingTrojan #CyberSecurity #Frode #GooglePlayProtect #MaaS #MalwareAndroid #Sicurezza #TechNews #Tecnologia #Trojan #Truffa
www.ceotech.it/albiriox-il-...

ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of December, 2025”
Tags: Albiriox Android GoldFactory Google malware SpeedSnatcher


#Mobile #Public #Albiriox #Android #GoldFactory #Google #malware #SpeedSnatcher

Newly Sold Albiriox Android Malware Targets Banks and Crypto Holders

⚠️ New Android malware #Albiriox is spreading fast. It lets attackers take over phones and drain bank or crypto accounts, targeting 400+ apps. If you get unknown APKs via SMS or WhatsApp, do NOT install them.

Read: hackread.com/albiriox-and...

#CyberSecurity #MaaS #InfoSec #Android #Malware

Alert: Albiriox, a new Android malware-as-a-service, targets 400+ financial apps, enabling on-device fraud and real-time control. Stay vigilant! #CyberSecurity #AndroidMalware #Albiriox #MobileSecurity Link: thedailytechfeed.com/albiriox-mal...

Android Malware ‘Albiriox’ Grants Full Remote Bank Control Android users, it’s time to level up your security awareness. A new strain of banking malware, dubbed Albiriox, is making waves, and it’s not your run-of-the-mill threat. This isn’t just about stealing passwords; Albiriox grants attackers live remote control over your device, turning your phone into a puppet in their fraudulent schemes. The stakes are […]

Android Malware ‘Albiriox’ Grants Full Remote Bank Control

Android users, it's time to level up your security awareness. A new strain of banking malware, dubbed Albiriox, is making... #Albiriox

New Android malware 'Albiriox' targets 400+ financial apps, enabling on-device fraud and remote control. Stay vigilant and protect your devices. #CyberSecurity #MobileThreats #Albiriox Link: thedailytechfeed.com/albiriox-mal...

New Android malware lets criminals control your phone and drain your bank account

Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions.

Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. It was first observed in September 2025 when attackers started a limited recruitment phase.

Albiriox is an Android Remote Access Trojan (RAT) and banking Trojan built for on-device fraud, where criminals perform transactions directly on the victim’s phone instead of just stealing passwords. It has a structured architecture with loaders, command modules, and control panels tailored to financial apps and cryptocurrency services worldwide.

In one early campaign, Albiriox targeted Austria. But unlike older mobile malware that focused on a single bank or country, Albiriox already targets hundreds of banking, fintech, payment, and crypto apps across multiple regions. Its internal application-monitoring database included more than 400 applications.

Since it’s a MaaS service, attackers can distribute Albiriox in any way they like. The usual methods are through fake apps and social engineering, often via smishing or links that impersonate legitimate brands or app stores. In at least one campaign, victims were lured with a bogus retailer app that mimicked a Google Play download page to trick them into installing a malicious dropper.

The first app victims see is usually just a loader that downloads and installs the main Albiriox payload after gaining extra permissions. To stay under the radar, the malware uses obfuscation and crypting services to make detection harder for security products.

## What makes Albiriox stand out?

Albiriox combines several advanced capabilities that work together to give attackers almost the same control over your phone as if they were holding it in their hands:

* **Live remote control:** The malware streams the device screen to the attacker, who can tap, swipe, type, and navigate in real time.
* **On‑device fraud tools:** Criminals can open your banking or crypto apps, start transfers, and approve them using your own device and session.
* **Accessibility abuse:** It misuses Android Accessibility Services to automate clicks, read on‑screen content, and bypass some security prompts.
* **Overlay attacks** (under active development): It can show fake login or verification screens on top of real apps to harvest credentials and codes, with templates that are being refined.
* **Black‑screen masking:** The malware can show a black or fake screen while the attacker operates in the background, hiding fraud from the user.

The live remote control is hidden by this masking, so victims don’t notice anything going on. Because the fraud happens on the victim’s own device and session, criminals can often bypass multi-factor authentication and device-fingerprinting checks.

## How to stay safe

If you notice strange behavior on your device or spot apps with generic names that include “utility,” “security,” “retailer,” or “investment” that you don’t remember installing from the official Play Store, run a full system scan with a trusted Android anti-malware solution.

But prevention is better:

* Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.
* Before installing finance‑related or retailer apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
* Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
* Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
* Keep Android, Google Play services, and all banking or crypto apps up to date so you get the latest security fixes.
* Enable multi-factor authentication on banking and crypto services, and prefer app‑based or hardware‑based codes over SMS where possible. And if possible, set up account alerts for new payees, large transfers, or logins from new devices.

* * *

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

New Android malware lets criminals control your phone and drain your bank account Albiriox now targets over 400 financial apps and lets criminals operate your phone almost exactly as if it were in ...

#Android #News #Albiriox #overlays #remote #control

New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control reconbee.com/new-albiriox...

#Albiriox #MaaS #malware #malwareattack #apps #screencontrol #cyberattack #cybercrime

Original post on securityaffairs.com

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud Albiriox is new Android MaaS malware enabling on-device fraud and real-time control. It targets 400+ banking, fintech, crypto, ...

#Breaking #News #Cyber #Crime #Malware #Mobile #Albiriox […]

Alert: Albiriox malware is targeting Android users, granting attackers full device control to bypass security and drain financial accounts. Stay vigilant! #CyberSecurity #AndroidMalware #Albiriox Link: thedailytechfeed.com/new-albiriox...

Alert: Albiriox malware is targeting Android users, granting attackers full device control to bypass security and drain financial accounts. Stay vigilant! #CyberSecurity #AndroidMalware #Albiriox Link: thedailytechfeed.com/albiriox-mal...
