Albiriox now targets more than 400 apps, allowing criminals to operate your phone almost as if it were in their hands.
Albiriox is a new family of Android banking malware that gives attackers direct remote control over infected phones, allowing them to silently drain bank and crypto accounts during real sessions.
Researchers have identified a new Android malware family called Albiriox, which shows fast growth and advanced capabilities. Albiriox is sold as malware-as-a-service (MaaS), which means entry-level cybercriminals can easily deploy it and launch their own phishing campaigns. It was first seen in September 2025, when the attackers started a recruitment phase.
Albiriox is a Remote Access Trojan (RAT) for Android and a banking Trojan created to perform on-device fraud, where criminals perform transactions directly on the victim's phone. Instead of simply stealing passwords, it has a structured architecture with loaders, command modules and dashboards optimized for financial applications and cryptocurrency services worldwide.
In the initial campaign, Albiriox targeted Austria. But unlike older mobile malware that focuses on a single bank or country, Albiriox targets hundreds of banking, fintech, payment and crypto apps in multiple regions. Its built-in app database includes more than 400 apps.
Since this is a MaaS offering, attackers can distribute Albiriox however they want. Common methods include fake apps and social engineering, often impersonating legitimate brands or app stores. In at least one campaign, victims were lured by a fake vendor app, clicking through a Google Play download page to install a malicious dropper.
The app that is installed first is often only a loader that downloads and installs the main payload once it obtains additional permissions. To stay under the radar, the malware uses encryption to make it harder for security products to detect.
What does Albiriox contain?
Albiriox combines several capabilities that work together:
- Remote control: attackers get direct, real-time remote control over the infected device.
- On-device fraud: criminals can open banking or crypto applications, initiate transfers and authorize them using the victim's device and session.
- Accessibility abuse: Android accessibility services are abused to automate clicks, read screen content, and bypass some security alerts.
- Overlay attack (in active development): able to display a fake login or verification page on top of the real apps to gather sign-in details.
- Black screen masking: The malware can display a black or fake screen while the attacker is working in the background, hiding the fraud from the user.
This masking hides real-time remote control so the victim has no idea what's going on.
Because the fraud occurs on the victim's own device and session, criminals can often bypass multi-factor authentication and device fingerprint checks.
How to stay safe
If you see apps on your device with generic names that include "Utility," "Security," "Retailer," or "Investment" that you do not remember installing from the official Play Store, run a full system scan with a reliable Android anti-malware solution.
But prevention is better:
- Only install apps from official app stores, and avoid apps promoted by SMS, email or messenger.
- Before installing any financial or retail-related app, check the developer name, number of downloads, and user reviews instead of relying on a single promotional link.
- Protect your device. Use an up-to-date, real-time anti-malware solution for Android that already detects this malware.
- Check permissions. Does an app really need the permissions it requests to do the job you want it to do? Be especially careful if it asks for accessibility, SMS or camera access.
- Keep Android, Google Play services and any banking or crypto apps up to date to receive the latest security updates.
- Enable multi-factor authentication on banking and crypto services, and prefer app- or hardware-based codes over SMS when possible. And if possible, set up account alerts for new recipients, large transfers, or logins from new devices.
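The permission check above can be scripted for the accessibility abuse this article describes. The following is an added example, not part of the original article: it takes the text output of two standard `adb` commands and lists third-party apps that hold an enabled accessibility service but were not installed by a trusted store. The package names in the sample data are constructed, and treating Google Play as the only trusted installer is an assumption you can widen.

```python
import re

# Feed in the text output of these two commands, run against the phone:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i -3      (third-party apps plus their installer)
PLAY_STORE = "com.android.vending"  # installer package name of Google Play
PKG_LINE = re.compile(r"^package:(\S+)(?:\s+installer=(\S+))?")

def parse_accessibility(setting):
    """Map package -> enabled accessibility service classes."""
    services = {}
    setting = setting.strip()
    if not setting or setting == "null":  # no accessibility service enabled
        return services
    for component in setting.split(":"):  # entries look like package/class
        package, _, cls = component.strip().partition("/")
        if package:
            services.setdefault(package, []).append(cls)
    return services

def parse_installers(pm_output):
    """Map third-party package -> installer ('null' when none is recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        match = PKG_LINE.match(line.strip())
        if match:
            installers[match.group(1)] = match.group(2) or "null"
    return installers

def flag_risky_apps(setting, pm_output, trusted=(PLAY_STORE,)):
    """Third-party apps with accessibility access and an untrusted installer."""
    services = parse_accessibility(setting)
    installers = parse_installers(pm_output)
    # Packages missing from the third-party list are system apps and are skipped.
    return sorted(
        (pkg, installers[pkg], services[pkg])
        for pkg in services
        if pkg in installers and installers[pkg] not in trusted
    )

# Constructed sample output; these package names are made up for illustration.
SAMPLE_SETTING = ("com.example.utility/.SyncService:"
                  "com.example.reader/com.example.reader.A11yService")
SAMPLE_PM = """package:com.example.utility  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.game  installer=com.google.android.packageinstaller"""

if __name__ == "__main__":
    for pkg, installer, svc in flag_risky_apps(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW {pkg}: installer={installer}, accessibility={svc}")
```

A flagged app is a candidate for review rather than a confirmed infection, since apps from other legitimate stores are listed too unless their installer is added to `trusted`.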
The files are detected under the following names:
B6BAEFFOOLff784D1C5E766EEEEEE33 detected as android/Trojan.Agent.Ac3A2DCCDFH18
61b59EB41EB0AB0Ae7FC94F8F800812860281286028 Trojan.drop9b7ece83d1
f09b82182a5935a27566cdb570ce668f Detected as Android/Trojan.Banker.ACRD716BEE9D2
F5B501E3D766F3024EB532893Acc8c6c detected as Android/Trojan.agent.acrfe97438ac5
