- Researchers have identified a new banking malware that replaces your actual banking app with a malicious one.
- It primarily spreads through APKs distributed via unmoderated channels such as messaging platforms.
- Once installed, the malware enables hackers to remotely control your device and hide their activities behind fake blank or update screens.

Just last week, we learned about a banking malware that exploits accessibility settings on Android to steal your bank credentials in the background. Now, we’re looking at another malware that not only enables remote attacks on Android devices but is distributed freely among hackers as part of a subscription service.

Researchers at Cleafy, an online fraud prevention firm, have discovered (via Malwarebytes) a new Android trojan dubbed “Albiriox.” Just like Sturnus, which we learned about last week, Albiriox is distributed through infected or dummy APKs, with potential targets lured into believing they are downloading actual apps. One way hackers achieve that is by creating fake replicas of Google Play Store listings, so users believe they are downloading apps from a secure source when they are not. Hackers also lure targets by posting fake promotions and offers, seeking contact details, and then delivering malicious APKs through messaging apps such as WhatsApp and Telegram.