{"id":28074,"date":"2025-12-01T10:48:45","date_gmt":"2025-12-01T10:48:45","guid":{"rendered":"http:\/\/localhost\/?p=28074"},"modified":"2025-12-01T10:48:45","modified_gmt":"2025-12-01T10:48:45","slug":"new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=28074","title":{"rendered":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562"},"content":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-12-01T16:05:12&#8243;,&#8221;description&#8221;:&#8221;Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions.\\n\\nResearchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. It was first observed in September 2025 when attackers started a limited recruitment phase.\\n\\nAlbiriox is an Android Remote Access Trojan (RAT) and banking Trojan built for on-device fraud, where criminals perform transactions directly on the victim\u2019s phone instead of just stealing passwords. It has a structured architecture with loaders, command modules, and control panels tailored to financial apps and cryptocurrency services worldwide.\\n\\nIn one early campaign, Albiriox targeted Austria. But unlike older mobile malware that focused on a single bank or country, Albiriox already targets hundreds of banking, fintech, payment, and crypto apps across multiple regions. Its internal application-monitoring database included more than 400 applications.\\n\\nSince it\u2019s a MaaS service, attackers can distribute Albiriox in any way they like. 
The usual methods are through fake apps and social engineering, often via smishing or links that impersonate legitimate brands or app stores. In at least one campaign, victims were lured with a bogus retailer app that mimicked a Google Play download page to trick them into installing a malicious dropper.\\n\\nThe first app victims see is usually just a loader that downloads and installs the main Albiriox payload after gaining extra permissions. To stay under the radar, the malware uses obfuscation and crypting services to make detection harder for security products.\\n\\n## What makes Albiriox stand out?\\n\\nAlbiriox combines several advanced capabilities that work together to give attackers almost the same control over your phone as if they were holding it in their hands:\\n\\n  * **Live remote control:** The malware streams the device screen to the attacker, who can tap, swipe, type, and navigate in real time.\\n  * **On\u2011device fraud tools:** Criminals can open your banking or crypto apps, start transfers, and approve them using your own device and session.\\n  * **Accessibility abuse:** It misuses Android Accessibility Services to automate clicks, read on\u2011screen content, and bypass some security prompts.\\n  * **Overlay attacks** (under active development): It can show fake login or verification screens on top of real apps to harvest credentials and codes, with templates that are being refined.\\n  * **Black\u2011screen masking:** The malware can show a black or fake screen while the attacker operates in the background, hiding fraud from the user.\\n\\n\\n\\nThe live remote control is hidden by this masking, so victims don\u2019t notice anything going on.\\n\\nBecause the fraud happens on the victim\u2019s own device and session, criminals can often bypass multi-factor authentication and device-fingerprinting checks.\\n\\n## How to stay safe\\n\\nIf you notice strange behavior on your device or spot apps with generic names that include 
\u201cutility,\u201d \u201csecurity,\u201d \u201cretailer,\u201d or \u201cinvestment\u201d that you don&#8217;t remember installing from the official Play Store, run a full system scan with a trusted Android anti-malware solution.\\n\\nBut prevention is better:\\n\\n  * Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.\\n  * Before installing finance\u2011related or retailer apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.\\n  * Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.\\n  * Scrutinize permissions. Does an app really need the permissions it\u2019s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.\\n  * Keep Android, Google Play services, and all banking or crypto apps up to date so you get the latest security fixes.\\n  * Enable multi-factor authentication on banking and crypto services, and prefer app\u2011based or hardware\u2011based codes over SMS where possible. And if possible, set up account alerts for new payees, large transfers, or logins from new devices.\\n\\n\\n\\n* * *\\n\\n**We don\u2019t just report on phone security\u2014we provide it**\\n\\nCybersecurity risks should never spread beyond a headline. 
Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.&#8221;,&#8221;published&#8221;:&#8221;2025-12-01T15:33:14&#8243;,&#8221;modified&#8221;:&#8221;2025-12-01T15:33:14&#8243;,&#8221;type&#8221;:&#8221;malwarebytes&#8221;,&#8221;title&#8221;:&#8221;New Android malware lets criminals control your phone and drain your bank account&#8221;,&#8221;source&#8221;:&#8221;&#8221;,&#8221;references&#8221;:&#8221;&#8221;,&#8221;id&#8221;:&#8221;MALWAREBYTES:584F1301B420437D26A8CD8979281562&#8243;,&#8221;bulletinFamily&#8221;:&#8221;blog&#8221;,&#8221;cwe&#8221;:null,&#8221;cvelist&#8221;:[],&#8221;sourceData&#8221;:&#8221;&#8221;,&#8221;sourceHref&#8221;:&#8221;&#8221;,&#8221;cvss&#8221;:{&#8220;score&#8221;:0,&#8221;severity&#8221;:&#8221;NONE&#8221;,&#8221;vector&#8221;:&#8221;NONE&#8221;,&#8221;version&#8221;:&#8221;NONE&#8221;},&#8221;cvss2&#8243;:{},&#8221;cvss3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;,&#8221;cvssV3&#8243;:{&#8220;version&#8221;:&#8221;&#8221;,&#8221;vectorString&#8221;:&#8221;&#8221;,&#8221;baseScore&#8221;:0,&#8221;baseSeverity&#8221;:&#8221;&#8221;,&#8221;attackVector&#8221;:&#8221;&#8221;,&#8221;attackComplexity&#8221;:&#8221;&#8221;,&#8221;privilegesRequired&#8221;:&#8221;&#8221;,&#8221;userInteraction&#8221;:&#8221;&#8221;,&#8221;scope&#8221;:&#8221;&#8221;,&#8221;confidentialityImpact&#8221;:&#8221;&#8221;,&#8221;integrityImpact&#8221;:&#8221;&#8221;,&#8221;availabilityImpact&#8221;:&#8221;&#8221;}},&#8221;href&#8221;:&#8221;htt
ps:\/\/www.malwarebytes.com\/blog\/news\/2025\/12\/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account&#8221;,&#8221;category_name&#8221;:&#8221;News&#8221;,&#8221;post_link&#8221;:&#8221;&#8221;,&#8221;product&#8221;:&#8221;&#8221;,&#8221;version&#8221;:&#8221;&#8221;,&#8221;vendor&#8221;:&#8221;&#8221;,&#8221;ai_description&#8221;:&#8221;&#8221;,&#8221;ai_severity&#8221;:&#8221;&#8221;,&#8221;ai_vendor&#8221;:&#8221;&#8221;,&#8221;ai_product&#8221;:&#8221;&#8221;,&#8221;ai_version&#8221;:&#8221;&#8221;,&#8221;ai_score&#8221;:0}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>{&#8220;lastseen&#8221;:&#8221;2025-12-01T16:05:12&#8243;,&#8221;description&#8221;:&#8221;Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,115,13,33,7,11,5],"class_list":["post-28074","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-malwarebytes","tag-news","tag-none","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/zero.redgem.net\/?p=28074\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"New Android malware lets criminals 
control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem\" \/>\n<meta property=\"og:description\" content=\"{&#8220;lastseen&#8221;:&#8221;2025-12-01T16:05:12&#8243;,&#8221;description&#8221;:&#8221;Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/zero.redgem.net\/?p=28074\" \/>\n<meta property=\"og:site_name\" content=\"zero redgem\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-01T10:48:45+00:00\" \/>\n<meta name=\"author\" content=\"invoker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"invoker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074\"},\"author\":{\"name\":\"invoker\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\"},\"headline\":\"New Android malware lets criminals control your phone and drain your bank 
account_MALWAREBYTES:584F1301B420437D26A8CD8979281562\",\"datePublished\":\"2025-12-01T10:48:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074\"},\"wordCount\":869,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"keywords\":[\"CVE\",\"CVSS\",\"exploit\",\"malwarebytes\",\"news\",\"NONE\",\"Security\",\"tapic\",\"Vulnerability\"],\"articleSection\":[\"category_news\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28074#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074\",\"name\":\"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\"},\"datePublished\":\"2025-12-01T10:48:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/zero.redgem.net\\\/?p=28074\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/?p=28074#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/zero.redgem.net\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#website\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"name\":\"zero 
redgem\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/zero.redgem.net\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#organization\",\"name\":\"zero redgem\",\"url\":\"https:\\\/\\\/zero.redgem.net\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"\",\"contentUrl\":\"\",\"width\":191,\"height\":188,\"caption\":\"zero redgem\"},\"image\":{\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/zero.redgem.net\\\/#\\\/schema\\\/person\\\/fbfeae8dfad117ac08a7621bee1a1dca\",\"name\":\"invoker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g\",\"caption\":\"invoker\"},\"sameAs\":[\"https:\\\/\\\/zero.redgem.net\"],\"url\":\"https:\\\/\\\/zero.redgem.net\\\/?author=1\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/zero.redgem.net\/?p=28074","og_locale":"en_US","og_type":"article","og_title":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem","og_description":"{&#8220;lastseen&#8221;:&#8221;2025-12-01T16:05:12&#8243;,&#8221;description&#8221;:&#8221;Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto...","og_url":"https:\/\/zero.redgem.net\/?p=28074","og_site_name":"zero redgem","article_published_time":"2025-12-01T10:48:45+00:00","author":"invoker","twitter_card":"summary_large_image","twitter_misc":{"Written by":"invoker","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/zero.redgem.net\/?p=28074#article","isPartOf":{"@id":"https:\/\/zero.redgem.net\/?p=28074"},"author":{"name":"invoker","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca"},"headline":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562","datePublished":"2025-12-01T10:48:45+00:00","mainEntityOfPage":{"@id":"https:\/\/zero.redgem.net\/?p=28074"},"wordCount":869,"commentCount":0,"publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"keywords":["CVE","CVSS","exploit","malwarebytes","news","NONE","Security","tapic","Vulnerability"],"articleSection":["category_news"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/zero.redgem.net\/?p=28074#respond"]}]},{"@type":"WebPage","@id":"https:\/\/zero.redgem.net\/?p=28074","url":"https:\/\/zero.redgem.net\/?p=28074","name":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562 - zero redgem","isPartOf":{"@id":"https:\/\/zero.redgem.net\/#website"},"datePublished":"2025-12-01T10:48:45+00:00","breadcrumb":{"@id":"https:\/\/zero.redgem.net\/?p=28074#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/zero.redgem.net\/?p=28074"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/zero.redgem.net\/?p=28074#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/zero.redgem.net\/"},{"@type":"ListItem","position":2,"name":"New Android malware lets criminals control your phone and drain your bank account_MALWAREBYTES:584F1301B420437D26A8CD8979281562"}]},{"@type":"WebSite","@id":"https:\/\/zero.redgem.net\/#website","url":"https:\/\/zero.redgem.net\/","name":"zero 
redgem","description":"","publisher":{"@id":"https:\/\/zero.redgem.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/zero.redgem.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/zero.redgem.net\/#organization","name":"zero redgem","url":"https:\/\/zero.redgem.net\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/","url":"","contentUrl":"","width":191,"height":188,"caption":"zero redgem"},"image":{"@id":"https:\/\/zero.redgem.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/zero.redgem.net\/#\/schema\/person\/fbfeae8dfad117ac08a7621bee1a1dca","name":"invoker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f17c01d7338e6932bcde121cf83569393df3374625d25afd62677cfb528f2e3e?s=96&d=mm&r=g","caption":"invoker"},"sameAs":["https:\/\/zero.redgem.net"],"url":"https:\/\/zero.redgem.net\/?author=1"}]}},"_links":{"self":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28074","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=28074"}],"version-history":[{"count":0,"href":"htt
ps:\/\/zero.redgem.net\/index.php?rest_route=\/wp\/v2\/posts\/28074\/revisions"}],"wp:attachment":[{"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=28074"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=28074"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zero.redgem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=28074"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}