TL;DR Researchers have identified a new Android banking trojan that poses as your real banking app and takes over the device.
It spreads primarily through APKs distributed over unmoderated channels such as messaging platforms.
Once installed, the malware lets attackers control your device remotely and conceals that activity behind fake blank or "update" screens.
Just last week, we learned about a banking trojan that abuses Android's accessibility services to steal bank credentials in the background. Now we're looking at another malware that not only enables remote attacks on Android devices but is also rented out, so access to your device is effectively sold as a subscription service.
Researchers at Cleafy, an online fraud prevention firm, have discovered (via Malwarebytes) a new Android banking trojan dubbed "Albiriox." Like Sturnus, which we covered last week, Albiriox is distributed through trojanized or decoy APKs that lure targets into believing they are downloading legitimate apps. One lure is a fake replica of a Google Play Store listing, which makes users believe the download comes from a trusted source when it does not. Attackers also post fake promotions and offers, collect contact details, and then deliver the malicious APKs through messaging apps such as WhatsApp and Telegram.
According to Cleafy, the malware is primarily operated by threat actors based in Russia and neighboring regions. It has recently gained steam after being offered as Malware-as-a-Service (MaaS) on underground and dark web forums.
The APK files the attackers distribute serve one purpose: to get the user to grant the "Install unknown apps" permission on Android. Once that is granted, the dropper app installs the actual malicious app, which carries Albiriox as the main payload. Because Android grants "Install unknown apps" per source app rather than device-wide, a sideloaded app that holds this permission is the tell-tale sign of a dropper.
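As an added triage example (not code from Cleafy, Malwarebytes or Android Authority), the script below flags installed third-party apps that were not installed by the Play Store and that also request the REQUEST_INSTALL_PACKAGES permission, i.e. the "Install unknown apps" capability a dropper needs. It assumes the line format of `adb shell pm list packages -3 -i` (`package:<name>  installer=<pkg|null>`) and the `requested permissions:` block of `adb shell dumpsys package <pkg>`; both sample inputs are constructed for the example, and the package names are hypothetical.

```python
"""
Triage helper: flag sideloaded apps that can install other apps.

A dropper needs two things: it arrived outside the Play Store, and it
holds android.permission.REQUEST_INSTALL_PACKAGES ("Install unknown
apps"). An app with only one of the two is not flagged.

Input formats are assumed to match `pm list packages -3 -i` and the
"requested permissions:" block of `dumpsys package <pkg>`. The sample
text below is CONSTRUCTED for this example, not captured from a device.
"""
import re

PLAY_STORE_INSTALLERS = {"com.android.vending"}
INSTALL_PERM = "android.permission.REQUEST_INSTALL_PACKAGES"

# Constructed sample of `pm list packages -3 -i` output (assumption: one
# "package:<name>  installer=<pkg|null>" line per third-party app).
SAMPLE_PM_LIST = """\
package:com.bank.official  installer=com.android.vending
package:com.example.promo_offer  installer=null
package:com.chat.messenger  installer=com.android.vending
"""

# Constructed samples of the relevant fragment of `dumpsys package <pkg>`.
SAMPLE_DUMPSYS = {
    "com.bank.official": """\
    requested permissions:
      android.permission.INTERNET
      android.permission.USE_BIOMETRIC
""",
    "com.example.promo_offer": """\
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
""",
    "com.chat.messenger": """\
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
""",
}

_PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)\s*$")


def parse_pm_list(text):
    """Return {package: installer or None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = _PM_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer == "null" else installer
    return result


def requested_permissions(dumpsys_text):
    """Collect permission names listed under 'requested permissions:'."""
    perms, in_block = set(), False
    for raw in dumpsys_text.splitlines():
        line = raw.strip()
        if line.endswith("permissions:"):
            # Enter the block we care about; leave it on any other
            # "... permissions:" header (e.g. "install permissions:").
            in_block = line.startswith("requested permissions")
            continue
        if in_block and line:
            perms.add(line.split(":")[0])  # tolerate "perm: granted=true" lines
    return perms


def flag_droppers(pm_list_text, dumpsys_by_pkg):
    """Sorted packages that are sideloaded AND hold the install permission."""
    flagged = []
    for pkg, installer in parse_pm_list(pm_list_text).items():
        sideloaded = installer not in PLAY_STORE_INSTALLERS
        perms = requested_permissions(dumpsys_by_pkg.get(pkg, ""))
        if sideloaded and INSTALL_PERM in perms:
            flagged.append(pkg)
    return sorted(flagged)


if __name__ == "__main__":
    for pkg in flag_droppers(SAMPLE_PM_LIST, SAMPLE_DUMPSYS):
        print("review:", pkg)
```

On the constructed sample only `com.example.promo_offer` is flagged: the messenger app also requests REQUEST_INSTALL_PACKAGES but came from the Play Store, and the bank app is sideloaded by nobody and requests nothing unusual. Treat a hit as a lead for further review, not proof of infection, since legitimate file managers and browsers hold the same permission.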
Cleafy has already intercepted more than 400 fake apps targeting users across categories such as banking, fintech, digital payments, and cryptocurrency. These tailored lookalikes let attackers initiate transactions from the victim's own device and account, rather than merely harvesting login credentials for later use.