• Android malware Albiriox abuses 400+ financial apps in on-device

    From TechnologyDaily@1337:1/100 to All on Monday, December 01, 2025 15:15:09
    Android malware Albiriox abuses 400+ financial apps in on-device fraud and screen manipulation attacks

    Date:
    Mon, 01 Dec 2025 15:04:35 +0000

    Description:
    A new MaaS is circulating around the dark web, offering a full service for defrauding Android users.

    FULL STORY ======================================================================
    - New Android MaaS Albiriox targets Austrian users' banking and crypto apps
    - Malware uses fake apps, dropper APKs, and 400+ overlays to steal sensitive data
    - Researchers link campaign to Russian actors; stolen info exfiltrated via Telegram

    Android users are being targeted by a new, sophisticated malware-as-a-service (MaaS), aimed at gaining access to their banking and crypto apps and, ultimately, stealing their money and other valuables.

    Recently, cybersecurity researchers at Cleafy said they saw Android malware named Albiriox being advertised on the dark web.

    The tool is apparently offering a full spectrum of features, including complete remote control of the target device, and more than 400 hardcoded overlays for different banking, fintech, crypto, and payment apps.

    Fake software updates

    The malware spoofs all kinds of businesses, including PENNY. The attackers create a fake landing page and fake Google Play Store app listing pages, and ask the victims to share their phone numbers. Those that do receive the download link for an .APK file in an SMS or WhatsApp message.

    For now, Cleafy says, the scam works only on Austrian phone numbers, but hints that the attack can easily spread to other parts of the world.

    The APK is not the malware itself, but rather a dropper.

    "The malware leverages dropper applications distributed through social engineering lures, combined with packing techniques, to evade static detection and deliver its payload," Cleafy researchers Federico Valentini, Alessandro Strino, Gianluca Scotti, and Simone Mattia said.

    When installed, the dropper prompts for permissions and asks the user to apply a software update, which is nothing more than the download of the actual payload.

    Through Albiriox, the attackers can take over the mobile device entirely, or they can use the malware as an infostealer, exfiltrating phone numbers, passwords, and other sensitive information. According to the researchers, all stolen data is exfiltrated to a Telegram channel.

    Although attribution is difficult, this seems to be the work of a Russian threat actor. Cleafy says the attackers' activity on cybercrime forums, the way they speak, and the infrastructure they use all suggest Russian origins.

    Via The Hacker News

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/android-malware-albiriox-abuses-400-financial-apps-in-on-device-fraud-and-screen-manipulation-attacks


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)