A new piece of Android malware is making the rounds, and it has serious implications for smartphone owners. It is by no means the first alarming malware family Android users have seen, but it ranks among the more dangerous ones. The threat is called Albiriox, and once installed on a phone it can take complete control of the device.
Analysis by security researchers at Cleafy indicates that the malware is likely operated by Russian-speaking cybercriminals, a conclusion they reached after finding language clues in the code and in forum chat logs. Cleafy's breakdown also shows that Albiriox does not target banking apps alone: it goes after cryptocurrency apps as well, and it is built for on-device fraud. To do that it abuses Android's built-in accessibility features, which are meant to help users with disabilities but also let an app read what is on screen and perform taps and swipes, so the operators can remotely control any device the malware is installed on.
What makes this malware especially concerning is that Albiriox is sold as a "malware-as-a-service" subscription. Anyone willing to pay can rent access to the malware and distribute it however they like. That widens the threat considerably, since different criminal groups will push it through different delivery channels.
How to stay safe from Albiriox
Ultimately, the only way to stay safe from malware like this is to avoid fake apps, social engineering attempts, and smishing (SMS phishing) or phishing links. Those links often impersonate trusted brands or app store developers; Cleafy notes that one campaign tricked users into downloading a fake "Penny Market" application from a page that mimicked a real Google Play Store listing.
Google has done a lot to improve safety on Android with Play Protect, but the best defense is staying informed and paying attention to what you tap and install. Even if you never install a fake app, you can still fall for an SMS campaign or another social engineering lure. Two habits go a long way: do not install apps from links in messages, and never grant accessibility access to an app that has no obvious accessibility purpose, because that single permission is what gives malware like this its remote control.
Because Albiriox is so capable, once it is installed the attacker has full remote control of the device and can open your banking, crypto, and other apps. They can then initiate transfers from inside your own authenticated session, so to the bank the activity looks like it is coming from you, which makes the fraud harder to detect and contain.
The malware also has a "black-screen masking" feature that hides all of this activity behind an overlay that makes the phone look switched off, so your accounts can be drained before you realise anything is wrong. Keep an eye out for vaguely named apps you do not remember installing, and check the Accessibility section of Settings for any enabled service you did not turn on yourself. If you find one, revoke its accessibility access, scan the phone with a reputable Android security app, and remove the offending app as quickly as possible.
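The accessibility-service abuse described earlier and the "check for apps you did not install" advice above can be turned into a quick triage script. The example below is added here and is not Cleafy's code or anything from the malware itself. It parses the output of two real adb commands, `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`, and flags any enabled accessibility service that is not on an allowlist, plus any third-party app that was not installed by an app store. The sample outputs, the allowlist, and the package names in them are constructed for illustration, not taken from a real infection.

```python
import re
from typing import Dict, List, Tuple

# Accessibility services you expect to be enabled on this device.
# Assumed allowlist: TalkBack is Google's screen reader; extend for your own fleet.
KNOWN_ACCESSIBILITY_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}

# Installer package names that correspond to an app store.
# Assumed: com.android.vending is the Google Play Store.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`.
# Entries are colon-separated "package/service" pairs.
SAMPLE_ENABLED_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.update.service/.MainAccessibilityService"
)

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps plus installer).
# "installer=null" means the app was sideloaded with no recorded installer.
SAMPLE_PACKAGES = """package:com.google.android.apps.maps  installer=com.android.vending
package:com.update.service  installer=null
package:com.example.bank  installer=com.android.vending
package:com.penny.market.app  installer=com.android.chrome
"""


def parse_enabled_services(raw: str) -> List[str]:
    """Split the colon-separated setting value into full 'package/service' names."""
    return [entry for entry in raw.strip().split(":") if entry]


def parse_packages(raw: str) -> Dict[str, str]:
    """Map each third-party package to its installer; 'null' becomes 'unknown'."""
    installers: Dict[str, str] = {}
    for line in raw.splitlines():
        match = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if match:
            pkg, installer = match.group(1), match.group(2)
            installers[pkg] = "unknown" if installer == "null" else installer
    return installers


def triage(services_raw: str, packages_raw: str) -> List[Tuple[str, str, str]]:
    """Return (category, package, reason) findings for a reviewer to look at."""
    findings: List[Tuple[str, str, str]] = []
    installers = parse_packages(packages_raw)

    # 1. Any enabled accessibility service not on the allowlist is suspicious:
    #    this is the permission that gives a remote operator control of the screen.
    for service in parse_enabled_services(services_raw):
        if service in KNOWN_ACCESSIBILITY_SERVICES:
            continue
        pkg = service.split("/", 1)[0]
        installer = installers.get(pkg, "not in third-party list")
        findings.append(
            ("accessibility", pkg, f"unexpected accessibility service {service} (installer: {installer})")
        )

    # 2. Any third-party app that did not come from an app store (sideloaded from a
    #    browser download or with no recorded installer) deserves a second look.
    for pkg, installer in installers.items():
        if installer not in TRUSTED_INSTALLERS:
            findings.append(("sideload", pkg, f"installed by {installer}, not an app store"))

    return findings


if __name__ == "__main__":
    for category, pkg, reason in triage(SAMPLE_ENABLED_SERVICES, SAMPLE_PACKAGES):
        print(f"[{category}] {pkg}: {reason}")
```

On a real device, replace the two constructed samples with the output of the adb commands named in the lead-in. An app that shows up in both lists, sideloaded and holding an enabled accessibility service, is exactly the profile of a remote-control trojan like the one described here, and is the first thing to disable and uninstall.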
