New Android malware threat can wipe your bank account
**Beware of Albiriox: A New Malware Threat Targeting Android Users**
Android users should exercise heightened caution when downloading applications, as a new and dangerous malware known as Albiriox has emerged, posing a significant threat to device security. According to fraud prevention experts at Cleafy, this malware can infiltrate devices through deceptive download pages that mimic legitimate Google Play Store listings for financial applications. Once installed, Albiriox grants malicious actors full remote control over the infected device, allowing them to access sensitive information and drain bank accounts without needing any passwords. This alarming capability underscores the importance of vigilance in app sourcing and security practices.
The mechanics of Albiriox’s operation are both sophisticated and alarming. The malware is cleverly concealed within fake download pages hosted on external websites, which appear to be legitimate. Users who unwittingly click the download button on these pages inadvertently enable the “install unknown apps” permission in their device settings, paving the way for the malware to take hold. After gaining access, the attackers can execute actions on the device remotely, such as swiping and clicking, without the user’s knowledge. This stealthy approach makes it difficult for victims to recognize that their devices have been compromised until it is too late. Experts recommend that users avoid downloading financial apps from any source other than the official Google Play Store to mitigate this risk.
While the Play Store is generally considered a safer platform for app downloads, it is important to remember that even legitimate app stores can harbor malicious software. Just last month, reports surfaced regarding six harmful Android apps that were found to be recording user data, including sensitive information from WhatsApp messages, phone calls, and even background audio. This highlights a broader issue within the mobile app ecosystem, where users must remain vigilant and prioritize security to protect their personal information. By sticking to trusted sources and being cautious about app permissions, Android users can better safeguard themselves against evolving threats like Albiriox.
https://www.youtube.com/watch?v=128WYj_x5Qk
Android
users, be careful about where your apps come from.
That’s because there’s a new and very sinister-sounding kind of malware going around on
Google’s
mobile OS, according to the fraud prevention experts at
Cleafy
(per
Android Authority
). Called Albiriox, the malware has been known to infect users’ devices, giving bad-faith actors full remote control over the device, at which point they drain the device owner’s bank accounts without even needing a password.
SEE ALSO:
Android 16 QPR2 arrives: 3 new features to check out
Cleafy goes into the nitty-gritty technical details on how this all works, but a basic summary is that the malware is being hidden in fake (but real-looking) Google Play Store download pages for financial apps on external sites. If you hit the download button on one of these pages, which, again, are not actually in the Play Store proper, you may be letting the malware onto your device. From there, it covertly enables the “install unknown apps” permission in the device settings, at which point the
really
bad stuff gets installed on your device.
From there, the bad actors can fully, remotely control your device without you noticing, performing actions like swipes and clicks from wherever they are. At that point, the hard part is over, and they can get to draining your bank account. It sounds like the best way to avoid this is to simply not download any weird financial apps from places that aren’t the Play Store. If you stick to downloading apps straight from the Play Store app, you should be fine.
That said, even apps on the official Apple App Store and Google Play Store can contain malware, as we’ve reported previously. Last month, we reported on
six malicious Android apps
that were recording user data, including WhatsApp messages, phone calls, and even background audio.
