Digital transformation

Warning: Extremely dangerous malware for Android users.

Phan Van Hoa December 13, 2025 08:50

The explosion of financial apps and cryptocurrency wallets has made Android users attractive targets for cybercriminals. Recently, Albiriox – a new malware – is spreading globally and allows hackers to gain complete control of infected devices.

With banking, investment, and cryptocurrency transactions becoming more prevalent than ever, online threats are also becoming increasingly sophisticated. One such threat is Albiriox, an emerging Android malware that security experts have assessed as the "most serious risk of 2025" for mobile users.

Ảnh minh họa
Illustrative image.

Unlike typical banking malware that steals information, Albiriox can also take control of a device as if the hacker were holding the victim's phone in their hands.

Albiriox – Malware that operates like a “real attacker”

Albiriox first appeared as a private beta in September 2025 and launched publicly just a month later. Technical analysis suggests the development team is linked to Russian-speaking criminal forums, based on linguistic traces, behavior, and exchanges on underground channels.

What makes Albiriox dangerous is the way it utilizes its abilities.AccessibilityAndroid's Accessibility allows for the creation of a remote control module. This enables attackers to directly manipulate the device, from opening banking apps, viewing balances, making transactions, and even approving money transfer orders using the victim's login session.

Furthermore, Albiriox integrates anti-fraud mechanisms into the device, a technology usually only found in high-end security tools. This allows malware to bypass multiple authentication layers of banking or e-wallet applications.

Attacks targeted over 400 global financial applications.

According to investigative reports, Albiriox is targeting hundreds of banking, fintech, and cryptocurrency applications worldwide. This makes it a real threat to both individual users and financial institutions.

The methods of dissemination are also diverse and exploit psychological factors. Hackers have used fake applications on websites outside of Google Play; SMS messages containing malicious links; and non-technical attack campaigns impersonating reputable brands.

A recent campaign even tricked users in Austria into installing a fake app designed to look like the real Google Play page. After users downloaded it, Albiriox immediately activated on their devices without arousing suspicion.

Albiriox is offered on a "Malware-as-a-Service" (MaaS) model, meaning any criminal can rent the service to distribute malware. Rental prices start at $650 per month, including the ability to install and operate it without requiring any programming knowledge. This allows for a rapid increase in the number of attack campaigns, as the technical barrier to entry is virtually zero.

One of Albiriox's most alarming features is its black screen overlay. When hackers manipulate the system, users only see a black screen or a fake interface, while the malware silently executes commands remotely.

In addition, the featureAccessibilityIt was abused to read screen content, press buttons, scroll pages, and bypass authentication steps without the user's knowledge.

How can I tell if my device is showing signs of malfunction?

Users may suspect their device is infected if:

- Unusual applications with generic names like Security, Tools, Investment, and System Service have appeared.

- The phone activates automatically.Accessibilitywithout reason.

- The screen sometimes turns off unexpectedly even though the device is still running.

- The battery drains quickly or suspicious background activity appears.

When suspicious activity is detected, a thorough scan using a reputable security application is necessary, along with checking application access permissions, especially permissions.Accessibility.

How can I prevent Albiriox infection?

Experts recommend several important protective measures:

- Only download apps from Google Play or the official app store. Because 90% of malware campaigns start from external download links.

- Do not click on links in SMS, emails, or text messages from strangers. This is the most common method of attack.

- Carefully check the app's information: developer, number of installations, and genuine reviews.

- Regularly update your Android, Google Play Services, and financial apps.

- Restrict app permissions, especially Accessibility, SMS, and system access.

- Use multi-factor authentication with a code generator app (Authentication) or a physical security key instead of an SMS code.

Proactive prevention remains key. When users adhere to basic security principles and remain vigilant, the risk of being attacked by Albiriox or similar malware is significantly reduced.

0 0 0
x
Warning: Extremely dangerous malware for Android users.
Google News
POWERED BYFREECMS- A PRODUCT OFNEKO