
Android malware Albiriox abuses 400+ financial apps in on-device fraud and screen manipulation attacks

2025-12-01 15:04

A new MaaS is circulating around the dark web, offering a full service for defrauding Android users.

By Sead Fadilpašić, published 1 December 2025

  • New Android MaaS “Albiriox” targets Austrian users’ banking and crypto apps
  • Malware uses fake apps, dropper APKs, and 400+ overlays to steal sensitive data
  • Researchers link campaign to Russian actors; stolen info exfiltrated via Telegram

Android users are being targeted by a new, sophisticated malware-as-a-service (MaaS), aimed at gaining access to their banking and crypto apps and, ultimately, stealing their money and other valuables.

Cybersecurity researchers at Cleafy recently said they saw Android malware named Albiriox being advertised on the dark web.

The tool is apparently offering a “full spectrum” of features, including complete remote control of the target device, and more than 400 hardcoded overlays for different banking, fintech, crypto, and payment apps.


Fake software updates

The malware is spoofing all kinds of businesses, including PENNY. The attackers would create a fake landing page and fake Google Play Store app listing pages, and would ask the victims to share their phone numbers. Those who do would get the download link for an .APK file in an SMS or WhatsApp message.

For now, Cleafy says, the scam works only on Austrian phone numbers, but hints that the attack can easily spread to other parts of the world.

The APK is not the malware itself, but rather a dropper.

"The malware leverages dropper applications distributed through social engineering lures, combined with packing techniques, to evade static detection and deliver its payload," Cleafy researchers Federico Valentini, Alessandro Strino, Gianluca Scotti, and Simone Mattia said.


When installed, the dropper prompts for permissions and asks for a “software update”, which is nothing more than the download of the actual payload.

Through Albiriox, the attackers can take over the mobile devices entirely, or they can use the malware as an infostealer, exfiltrating phone numbers, passwords, and other sensitive information. All stolen data is reportedly sent to a Telegram channel.

Although attribution is difficult, this seems to be the work of a Russian threat actor. Cleafy says the attackers’ activity on cybercrime forums, the way they speak, and the infrastructure they use all suggest a Russian origin.

Via The Hacker News


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
