
New Android banking trojan lets hackers stream a live feed from your phone and control it in real time — how to stay safe


Imagine a hacker gaining full control of your smartphone and streaming everything on its screen to their own device. A new Android banking trojan lets them do exactly that, and they can also tap, swipe, type and navigate through the hijacked phone in real time.

According to a new blog post from the cybersecurity firm Malwarebytes, security researchers at the online fraud management firm Cleafy have discovered a new Android malware family called Albiriox which, despite being fairly new, already offers advanced capabilities to cybercriminals looking to deploy it in their attacks.

What makes Albiriox a serious threat for Android phones is that it's explicitly designed to perform On-Device Fraud. Unlike malware that only steals banking credentials so that hackers can log in to a victim's financial accounts from another device, this one lets them do that and also drain accounts directly from the infected smartphone.

Here’s everything you need to know about this new malware strain along with some tips and tricks to help keep your Android phone safe from hackers.

Hiding behind a blank screen


Like other Android malware strains, Albiriox is often spread through malicious apps that unsuspecting users sideload onto their devices. However, in one of the first Albiriox campaigns observed by Cleafy's researchers, the hackers behind it were using fake Google Play Store pages to make their malicious apps appear legitimate and trick users into installing them.

In the example shared in a separate blog post, Cleafy points out that this fake page is a near-identical copy of a real Play Store listing. It even had screenshots of the fake app along with ratings and installation prompts. However, once a potential victim went to install it, a malware dropper hidden inside an APK was downloaded instead, bypassing the Google Play Store entirely. Some Android users would immediately see this as a major red flag, but others wouldn't, given how much effort had gone into copying an actual Play Store listing page.

From there, Cleafy's researchers noticed that the cybercriminals behind Albiriox shifted tactics and began using phishing rather than a direct download from the fake site. Instead of being served an APK, visitors were prompted to enter their mobile phone numbers, with the site telling them that a download link would be delivered via WhatsApp.

Once potential victims downloaded the APK file, they were met with a fake system update interface instead of the normal prompts you see when installing a new Android app. This is done to trick them into granting permissions the app has no legitimate need for but that Albiriox requires to take over the phone. Once those are granted, the final payload is loaded and installed.

Although Albiriox is a new banking trojan, it can already target over 400 banking and financial apps. Like other malware strains, it uses overlay attacks, drawing a fake login page over the real banking app, to steal a victim's credentials.

Another notable feature baked into this malware is that it can hide an attacker's actions on a device in plain sight. For instance, while a hacker uses that stolen password to log into a user's bank account and drain their funds, Albiriox can display a black screen to the victim while the attacker operates in the background. Black or blank screens are common when an app is loading, so for most people this wouldn't look out of the ordinary.

Likewise, since the fraud happens on the device itself, hackers using this malware can bypass multi-factor authentication and other security checks by intercepting one-time 2FA codes delivered to that same phone and entering them directly when prompted.

How to stay safe from banking trojans


Even though Albiriox is a rapidly evolving Android banking trojan, Cleafy has so far only observed attacks in Austria and other European countries. However, since this malware is distributed online to other cybercriminals for use in their own attacks, it could easily be repackaged to target Android users in the U.S., Canada and other countries around the world. For that reason, it's definitely something you want to keep on your radar and prepare for.

One of the easiest ways to keep your Android phone from picking up a nasty malware infection is to avoid sideloading apps altogether. I know it may seem convenient at times, say when a particular app is no longer available or can't be downloaded in your region, but the high risk isn't worth the reward. Fortunately, on pretty much every Android phone the option to install apps from unknown sources is off by default, and on recent versions it is granted per app under "Install unknown apps" (for a browser or messaging app, for example). If you have turned it on for an app, consider turning it back off unless it's absolutely necessary for your work, which it most likely won't be.
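If you want to check a phone rather than take its settings on faith, the two things worth looking at after a suspected sideload are which packages were installed outside the Play Store and which apps have an accessibility service switched on. The article does not list the permissions the fake updater asks for; that remote-control banking trojans of this kind rely on an accessibility service is my assumption about this malware class, not something the article states. The script below is an added example, not code from the article or from Cleafy; it uses only the standard `adb shell pm list packages -i` and `adb shell settings get secure enabled_accessibility_services` outputs, and the package and service names in the sample data are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the article: triage an Android device for
# packages installed outside the Play Store and for apps with an enabled
# accessibility service. The SAMPLE_* values below are constructed stand-ins
# for adb output; on a real device feed the functions from adb instead:
#   adb shell pm list packages -i | list_sideloaded
#   adb shell settings get secure enabled_accessibility_services | list_a11y_packages

# Lines from `pm list packages -i` look like:
#   package:com.android.chrome  installer=com.android.vending
# Play Store installs carry installer=com.android.vending; anything else
# (installer=null, the system package installer, a third-party store) was
# not vetted by Play and is printed as "<package> <installer>".
list_sideloaded() {
    grep -v 'installer=com.android.vending' |
      sed -n 's/^package:\([^ ]*\)[ ]*installer=\(.*\)$/\1 \2/p'
}

# `enabled_accessibility_services` is a colon-separated list of
# package/ServiceClass component names; keep only the package part.
list_a11y_packages() {
    tr ':' '\n' | sed -n 's#^\([^/]*\)/.*$#\1#p' | sort -u
}

# Print the packages that are both sideloaded and running an accessibility
# service, the combination a remote-control trojan needs to tap and type on
# the victim's behalf (an assumption about this malware class; the article
# itself does not list the permissions the fake updater requests).
# $1: `pm list packages -i` output, $2: enabled_accessibility_services value
flag_suspects() {
    sideloaded=$(printf '%s\n' "$1" | list_sideloaded | cut -d' ' -f1)
    a11y=$(printf '%s\n' "$2" | list_a11y_packages)
    for pkg in $sideloaded; do
        if printf '%s\n' "$a11y" | grep -qx "$pkg"; then
            printf 'SUSPECT %s (sideloaded, accessibility service enabled)\n' "$pkg"
        fi
    done
    return 0
}

# Constructed sample data standing in for adb output (placeholder names).
SAMPLE_PACKAGES='package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.update.system  installer=null
package:org.example.sidestore  installer=com.google.android.packageinstaller'
SAMPLE_A11Y='com.update.system/com.update.system.svc.AccessService:com.android.talkback/com.google.android.marvin.talkback.TalkBackService'

flag_suspects "$SAMPLE_PACKAGES" "$SAMPLE_A11Y"
```

A legitimate screen reader such as TalkBack shows up in the accessibility list too, which is why the script only flags packages that also came from outside the Play Store; a sideloaded "system update" app holding an accessibility service is the pattern to investigate, and `adb shell pm uninstall <package>` (or the device's app settings) is the usual next step.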

From there, you want to ensure that Google Play Protect is enabled on your Android phone. This free, built-in security feature automatically scans new apps you download and install for malware, as well as the ones already on your phone. To add an extra layer of security, you might want to consider running one of the best Android antivirus apps alongside it. Many of them include useful extras like a password manager, VPN and more to help keep you safe online.

Albiriox has made a splash among cybercriminals thanks to its advanced capabilities and rapid development, which is why I don't see this particular Android malware strain going anywhere anytime soon. As such, it's up to you to practice good cyber hygiene: avoid installing apps from shady websites or ones sent to you on social media, and keep your device updated with the latest security patches.

Anthony Spadafora
Managing Editor Security and Home Office

