Newly emergent Albiriox malware-as-a-service believed to have been managed by Russian-speaking threat actors has been targeting mobile banking and cryptocurrency apps, as well as facilitating total Android device takeovers, GBHackers News reports.
Attacks involving Albiriox commence with SMS messages with links redirecting to fraudulent websites masquerading as the Google Play Store and other legitimate services where an app could be downloaded, according to Cleafy researchers. Downloading the fake apps installs a dropper for Albiriox, which displays a bogus system update screen to enable the "Install Unknown Apps" permission and eventually allow device hijacking.
Aside from leveraging a VNC-based remote access tool to allow real-time device control and monitoring, Albiriox also harnesses overlay attacks to exfiltrate credentials from more than 400 financial apps, including banks, digital wallets, cryptocurrency exchanges, and payment processors, worldwide. Avoiding compromise with Albiriox necessitates the implementation of two-factor authentication and up-to-date security software.
Attacks involving Albiriox commence with SMS messages with links redirecting to fraudulent websites masquerading as the Google Play Store and other legitimate services where an app could be downloaded, according to Cleafy researchers. Downloading the fake apps installs a dropper for Albiriox, which displays a bogus system update screen to enable the "Install Unknown Apps" permission and eventually allow device hijacking.
Aside from leveraging a VNC-based remote access tool to allow real-time device control and monitoring, Albiriox also harnesses overlay attacks to exfiltrate credentials from more than 400 financial apps, including banks, digital wallets, cryptocurrency exchanges, and payment processors, worldwide. Avoiding compromise with Albiriox necessitates the implementation of two-factor authentication and up-to-date security software.





