- New Android MaaS “Albiriox” focuses on banking and crypto apps for Austrian users
- The malware uses fake apps, APK droppers and more than 400 overlays to steal sensitive data.
- Researchers link the campaign to Russian actors; stolen information is exfiltrated via Telegram
Android users are being attacked by a sophisticated new Malware as a Service (MaaS) that aims to gain access to their banking and crypto apps and ultimately steal their money and other valuables.
Recently, researchers at the cybersecurity firm Cleafy said they saw ads for Android malware called Albiriox on the dark web.
The tool apparently offers a “full spectrum” of features, including full remote control of the target device and more than 400 encrypted overlays for various banking, fintech, crypto and payment applications.
Fake software updates
The malware impersonates all types of businesses, including PENNY. The attackers created a fake website and app listing pages resembling the Google Play Store and asked victims to enter their phone numbers. Those who do receive a download link for an .APK file in an SMS or WhatsApp message.
Cleafy says the scam only works on Austrian phone numbers at the moment, but suggests the attack could easily spread to other parts of the world.
The APK is not malware itself, but rather a dropper.
“The malware uses droplet applications distributed via social engineering honeypots, combined with packaging techniques to avoid static detection and deliver its payload,” said Cleafy researchers Federico Valentini, Alessandro Strino, Gianluca Scotti and Simone Mattia.
After installation, the dropper asks for permission and a “software update”, which is nothing more than downloading the actual payload.
Albiriox allows attackers to take full control of mobile devices or to use it as an information stealer, harvesting phone numbers, passwords and other sensitive information. All data is transferred to a Telegram channel, the researchers said.
Although this is difficult to attribute, it appears to be the work of a Russian actor. According to Cleafy, the attackers’ activities on cybercrime forums, their way of speaking and the infrastructure they use indicate their Russian origin.
