"Albiriox" malware: a new looming threat targeting Android phones worldwide

Global concern has escalated over a new malicious program targeting Android users called "Albiriox," which appeared in a beta version during September 2025 before being offered for sale in October. Initial investigations indicate a connection between this malware and a group of Russian-speaking hackers, based on the language used in the code and the way the program's developers interact in hacking forums.

According to a report by PhoneArena, "Albiriox" targets more than 400 banking and cryptocurrency applications by illicitly exploiting accessibility features. Making matters worse, the program is sold as malware-as-a-service (MaaS) for $650 per month, allowing any cybercriminal to use it without needing significant technical expertise, which has contributed to its rapid spread.

The campaigns spreading this malware rely on deceiving users with SMS messages and fake links that mimic official app stores. Cases have already been recorded in Austria where users fell victim to a fake application called "Penny Market," whose download page outwardly resembled the Google Play interface but which was actually loaded with a malicious tool.

"Albiriox" has capabilities that make it among the most dangerous threats facing the Android system to date. These capabilities include direct control of the device via VNC, executing financial transactions within infected applications, displaying a black screen to hide the attacker's activity, and pressing, navigating, and reading the screen by misusing the accessibility feature, including to bypass various protection systems.

To avoid falling victim to this malware, experts recommend downloading applications from official stores only, avoiding links and messages from unknown sources, and verifying the developer's identity, number of downloads, and reviews before installing any application. They also recommend keeping the Android system and financial applications continuously updated, reviewing the permissions of installed applications, especially those related to the camera, messages, and accessibility, and using multi-factor authentication. If any strange application appears with a general and unfamiliar name, it is preferable to perform a thorough scan of the device immediately using a reliable tool.
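
The accessibility-permission review recommended above can be checked from a computer with `adb`. The following is an added example, not part of the original report: it parses the value of Android's `enabled_accessibility_services` secure setting and lists packages that are not on an allowlist. The allowlist, the sample value, and the package `com.example.coupons` are constructed for illustration.

```shell
#!/bin/sh
# Added example: list apps with an enabled accessibility service that the
# device owner does not expect. Android stores enabled services in the secure
# setting enabled_accessibility_services as colon-separated package/class.

# Assumption: packages the owner knowingly allows (constructed allowlist).
ALLOWED_PKGS="com.google.android.marvin.talkback com.example.passwordmanager"

# Constructed sample of the setting's value; not taken from a real device.
SAMPLE_SETTING='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.coupons/.SyncService'

# Print one package per line for every enabled service not on the allowlist.
# Runs in a subshell so the IFS and globbing changes do not leak out.
unexpected_a11y_packages() (
    # adb may append carriage returns; an unset setting reads as "null".
    setting=$(printf '%s' "$1" | tr -d '\r')
    if [ -n "$setting" ] && [ "$setting" != "null" ]; then
        IFS=':'
        set -f
        for entry in $setting; do
            pkg=${entry%%/*}          # keep the package, drop the class
            [ -n "$pkg" ] || continue # skip empty fields such as "a::b"
            case " $ALLOWED_PKGS " in
                *" $pkg "*) ;;                  # expected, stay quiet
                *) printf '%s\n' "$pkg" ;;      # needs a manual review
            esac
        done
    fi
)

# Offline demo on the constructed sample.
unexpected_a11y_packages "$SAMPLE_SETTING"

# On a connected device (USB debugging enabled), audit the live value:
#   unexpected_a11y_packages "$(adb shell settings get secure enabled_accessibility_services)"
```

Any package it prints should be looked up in the device's accessibility settings and removed if it was not installed deliberately.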