New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
Briefly

"A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list comprising over 400 applications spanning banking, financial technology, payment processors, cryptocurrency exchanges, digital wallets, and trading platforms. The malware leverages"
"Prospective customers are provided access to a custom builder that, per the developers' claims, integrates with a third-party crypting service known as Golden Crypt to bypass antivirus and mobile security solutions. The end goal of the attacks is to seize control of mobile devices and conduct fraudulent actions, all while flying under the radar. At least one initial campaign has explicitly targeted Austrian victims by leveraging German-language lures and SMS messages containing shortened links that lead recipients to fake Google Play Store app listings for apps like PENNY Angebote & Coupons. Unsuspecting users who clicked on the "Install" button on the lookalike page are compromised with a dropper APK. Once installed and launched, the app prompts them to grant it permissions to install apps under the guise of a software update, which leads to the deployment of the main malware."
Albiriox is an Android malware offered under a malware-as-a-service model that provides features for on-device fraud, screen manipulation, and real-time interaction with infected devices. The malware contains a hard-coded list of over 400 finance-related applications. Delivery relies on dropper APKs distributed through social-engineering lures, with packing used to evade static detection. A custom builder integrates with a third-party crypting service called Golden Crypt to bypass antivirus and mobile security products. Operators aim to seize control of devices and carry out fraudulent actions without being noticed. One campaign targeted Austrian users with German-language lures and fake Google Play pages; the dropper they deliver asks for permission to install apps and then deploys the main malware.
Read at The Hacker News