Cybersecurity researchers have identified a fast-evolving Android malware called Albiriox that allows criminals to remotely control infected smartphones and empty bank and cryptocurrency accounts in real time.
First detected in September 2025, Albiriox is being sold as Malware-as-a-Service, enabling even low-skill cybercriminals to rent the tool and launch fraud campaigns.
Albiriox functions as both a Remote Access Trojan and a banking Trojan, designed for on-device fraud.
Instead of stealing passwords, attackers operate directly on the victim’s phone, opening banking or crypto apps and authorising transactions during live sessions.
Early campaigns targeted Austria, but the malware now monitors more than 400 banking, fintech, payment, and crypto applications across multiple regions.
The malware is typically spread through fake apps and smishing links that imitate trusted brands or app stores.
Victims first install a loader app, which then downloads the full malware after securing powerful permissions.
What makes Albiriox especially dangerous is its use of accessibility services, live screen streaming, black-screen masking, and still-developing overlay attacks, which together allow fraud to occur unnoticed.
Because activity happens on the victim’s own device, it can bypass many security checks.
Experts urge users to install apps only from official stores, carefully review permissions, keep devices updated, and use reliable mobile security software to reduce risk.
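To make the permission review above concrete, the following added example (not from the researchers or the original article) cross-checks which packages hold an enabled accessibility service against where each package was installed from, and flags those that did not come from an official store. The sample command output, the package names and the trusted-installer list are constructed assumptions.

```python
# Constructed sample data in the output shape of two real Android commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# All package names are made up for illustration.
ENABLED_A11Y = (
    "com.example.screenreader/.ReaderService:"
    "com.example.pricedrop/com.example.pricedrop.core.HelperService"
)
PM_LIST = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.pricedrop  installer=null
package:com.example.notes  installer=com.android.vending
"""

# Assumption: only Google Play counts as an official store for this audit.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_a11y(value):
    """Packages owning an enabled accessibility service (colon-separated components)."""
    value = value.strip()
    if not value or value == "null":
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if c}

def parse_installers(text):
    """Map package name -> installer package, None when no installer is recorded."""
    result = {}
    for line in text.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer=") and field != "installer=null":
                installer = field[len("installer="):]
        result[fields[0][len("package:"):]] = installer
    return result

def flag_sideloaded_a11y(a11y_value, pm_text, trusted=TRUSTED_INSTALLERS):
    """Accessibility-enabled packages not installed by a trusted store."""
    installers = parse_installers(pm_text)
    return sorted(p for p in parse_a11y(a11y_value)
                  if installers.get(p) not in trusted)

if __name__ == "__main__":
    for pkg in flag_sideloaded_a11y(ENABLED_A11Y, PM_LIST):
        print("review accessibility grant:", pkg)
```

A flagged package is a prompt for manual review, not a verdict: legitimately sideloaded tools will appear in the same list.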



