If you thought hackers needed your password or OTP to access your bank account, think again. A sneaky new Android malware is now allowing cybercriminals to access banking apps and make transactions without your permission. And the scary part is that many people don’t even realise anything is wrong until their money is gone. What exactly is happening? Cybersecurity researchers have discovered a new threat called ‘Albiriox,’ a powerful Android malware spreading through fake apps and cloned Play Store pages.
It’s also being openly sold on dark-web forums as a subscription toolkit, making it easier for anyone with bad intentions to use it. A fraud-monitoring firm, Cleafy, spotted Albiriox while tracking a rising wave of Android banking attacks. Hackers are circulating malicious APK files disguised as normal apps, often shared through WhatsApp, Telegram, fake app sites, or “exclusive offer” links. How Albiriox sneaks into your phone Once a user installs one of these fake apps, the malware asks them to enable ‘install unknown apps’. After that: Researchers say over 400 fake apps have already been flagged, targeting anyone searching for financial services. Why is this malware dangerous Albiriox allows attackers to: Because it works quietly in the background, users rarely spot any suspicious activity until it’s too late. A researcher involved in the investigation said: This new malware doesn’t need your password or OTP—it behaves as you inside your banking app. Why it’s spreading fast Hackers are getting easy access to Albiriox through Malware-as-a-Service. They simply subscribe, download it, and start distributing fake APKs. The model is popular in Russia and neighbouring regions, where attackers aggressively spread these apps via messaging platforms and online forums. How to stay safe You can avoid threats like Albiriox with a few simple precautions: Malware like Albiriox shows how quickly cybercriminals are evolving. Even one suspicious file pretending to be a banking or discount app can hand over your phone and your money to a remote attacker. Staying cautious with your downloads is the best defence.
The post appeared first on .
The post appeared first on .
