Credit: Freestocks | Markus Spiske / Unsplash
By Matthew Mountjoy
Published 2 hours ago
I recently wrote about another banking malware that uses accessibility settings to steal information, such as bank credentials and other passwords, while running in the background. Now, more malware has been reported that not only enables remote attacks on Android devices but is also distributed freely among hackers as part of a subscription service.
More banking malware on the loose
Researchers at the online fraud prevention firm Cleafy have discovered a new Android trojanware dubbed Albiriox. Just like Sturnus, the malware reported last week, Albiriox is distributed through what are described as "dummy" or infected APKs to trick people into thinking they are downloading actual apps.
As Android Authority mentioned, one way hackers have baited people is by creating fake replicas of Google Play Store app listings. This, in turn, makes potential victims believe that they are downloading an app from a secure source, when in reality they are not. Hackers have also lured targets by posting fake promotions and offers, seeking contact details, and then delivering the malicious APKs through popular messaging apps like WhatsApp and Telegram.
According to the research firm, these techniques have mainly been used by hackers in Russia and other neighboring areas. It is said to have recently gained steam after being distributed as a Malware-as-a-Service (MaaS) on dark web forums.
The APK files distributed by hackers are mainly used to enable the "install unknown apps" permission on users' devices. Once that is enabled, the dropper app installs the actual (and destructive) application that contains Albiriox.
More than 400 fake apps targeting users in categories such as banking, fintech, digital payments, and cryptocurrency have already been intercepted by the research agency, according to Android Authority. These app versions allow hackers to perform transactions directly on users' banking apps, rather than stealing their login credentials.
Since the malware operates silently behind the scenes, you should be mindful of any unusual apps that you install, especially when they seem related to banking or any other financial service. Always make sure you download apps from the official Google Play Store app and that you have the latest Play Protect update installed.
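A device audit for the dropper behaviour described above, as an added example (not from the article or from Cleafy): it flags apps that did not come from the Play Store, and ranks highest those that are also allowed to install other apps. The package names and adb output samples are constructed, and the output formats of `pm list packages -i -3` and `appops get` are assumed to match them.

```python
import re

# Constructed sample of `adb shell pm list packages -i -3` output
# (third-party apps with their installer). Package names are invented.
SAMPLE_PACKAGES = """\
package:com.example.notes  installer=com.android.vending
package:com.example.bankhelper  installer=com.google.android.packageinstaller
package:com.example.promo.rewards  installer=null
package:com.example.chat  installer=com.android.vending
"""

# Constructed sample: per-package output of
# `adb shell appops get <package> REQUEST_INSTALL_PACKAGES`.
SAMPLE_APPOPS = {
    "com.example.notes": "REQUEST_INSTALL_PACKAGES: allow",
    "com.example.bankhelper": "REQUEST_INSTALL_PACKAGES: allow; time=+2m13s ago",
    "com.example.promo.rewards": "No operations.",
}

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store; extend per policy
PKG_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_installers(text):
    """Map package name -> installer package (None when no installer is recorded)."""
    result = {}
    for line in text.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            result[m["pkg"]] = None if m["installer"] == "null" else m["installer"]
    return result


def can_install_apps(appops_line):
    """True when the app has been granted the "install unknown apps" permission."""
    m = re.search(r"REQUEST_INSTALL_PACKAGES:\s*(\w+)", appops_line)
    return bool(m) and m.group(1) == "allow"


def audit(packages_text, appops_by_pkg):
    """Return (package, installer, severity) for apps not installed by a trusted store."""
    findings = []
    for pkg, installer in sorted(parse_installers(packages_text).items()):
        if installer in TRUSTED_INSTALLERS:
            continue  # came from the Play Store; out of scope for this check
        dropper_like = can_install_apps(appops_by_pkg.get(pkg, ""))
        findings.append((pkg, installer, "high" if dropper_like else "review"))
    return findings
```
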
Regarding updates, always ensure your device is up to date with the latest supported firmware, as it includes patches for recently identified vulnerabilities. Likewise, Google recently released the Android Security Bulletin for December.