A new Android malware threatens your bank and crypto accounts

A new malware, named Albiriox, targets Android users with the intention of draining their bank accounts and crypto wallets. Distributed as a service, this malware quickly adapts to bypass protections, making its detection particularly difficult. Discover how it operates and what you can do to protect yourself.

The 3 key facts not to miss

  • Albiriox is a new Android malware targeting bank and crypto accounts.
  • It uses sophisticated phishing techniques to infect devices.
  • More than 400 applications, including Metamask and Coinbase, have been targeted.

Albiriox: a sophisticated Android malware

Discovered by Cleafy’s Threat Intelligence team, Albiriox is an Android malware designed for banking and crypto fraud. It quickly evolved into a commercial offering sold by subscription, following the Malware-as-a-Service (MaaS) model. This model lets cybercriminals rent the malware, greatly expanding its reach.

Albiriox’s infection methods

In its initial campaigns, Albiriox was distributed via fraudulent SMS messages redirecting users to a fake Google Play Store page. Masquerading as Penny Market, a supermarket chain, the malware tricked victims into downloading a malicious APK. This technique then evolved, using fake promotional contests to entice users to provide their phone numbers and download the malicious APK.

Once installed, the malware establishes a connection with a C2 server, allowing attackers to take control of the infected smartphone. Through a remote control module, hackers can access the screen display, navigate menus, and divert funds from banking and crypto applications.

Targeted applications and precautions to take

Cleafy has identified over 400 applications targeted by Albiriox, including banking services and crypto platforms such as Metamask, Coinbase, and BitPay Wallet. Although the initial campaigns primarily targeted Austrian users, Albiriox’s model suggests it can be rapidly adapted to other regions.

To protect themselves, users are advised not to click on links received via SMS or WhatsApp, especially if they come from unknown senders. Users should also avoid downloading applications outside the Play Store and carefully check the permissions they grant, particularly accessibility rights, which should only be assigned to legitimate assistance applications.
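
The permission check recommended above can be done over adb. The following is an added example, not code from the article or from Cleafy: it lists apps that hold accessibility rights but were not installed by the Play Store. The package names and sample output are constructed, and treating the Play Store installer as the trusted source is a triage assumption taken from the advice above.

```python
# Feed these functions the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
PLAY_STORE = "com.android.vending"

def parse_accessibility(setting_value):
    """Packages with an enabled accessibility service.
    The setting is a colon-separated list of "package/ServiceClass" entries."""
    value = setting_value.strip()
    if not value or value == "null":
        return set()
    return {entry.split("/", 1)[0] for entry in value.split(":") if entry}

def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def audit(setting_value, pm_output, trusted=frozenset()):
    """(package, installer) pairs with accessibility rights that need review."""
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(parse_accessibility(setting_value)):
        installer = installers.get(pkg)
        if pkg not in trusted and installer != PLAY_STORE:
            findings.append((pkg, installer))
    return findings

# Constructed sample output (not from a real device or from the article).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.coupons/com.example.coupons.HelperService:"
    "com.example.reader/.ReadAloudService\n"
)
SAMPLE_PM = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.coupons  installer=null
package:com.example.reader  installer=com.google.android.packageinstaller
"""
if __name__ == "__main__":
    print(audit(SAMPLE_SETTING, SAMPLE_PM))
```

Preinstalled assistance services may have no recorded installer, so pass the ones you recognise in `trusted` to keep the review list short.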

Background and history of Cleafy

Cleafy is a cybersecurity company known for its expertise in detecting and preventing online threats. Founded to address the growing challenges of digital security, Cleafy has established itself as a key player in protection against malware and other cyber threats. Thanks to its advanced research teams, Cleafy continues to provide innovative solutions to counter cybercriminals and protect users worldwide.
