We recently reported on another type of Android banking malware that operates in the background and abuses accessibility settings to steal data, including passwords and bank credentials. Now more malware has been disclosed: it allows remote attacks on Android devices and is freely distributed among hackers as part of a subscription service.
More banking malware on the loose
A new Android trojan known as Albiriox has been found by researchers at the online fraud protection company Cleafy. Much like Sturnus, the malware that was discovered last week, Albiriox is distributed through what are referred to as “dummy” or infected APKs that deceive users into believing they are downloading real apps.
As Android Authority noted, hackers have tricked people by making phony copies of Google Play Store app listings. As a result, potential victims may think they are downloading an app from a secure site when, in fact, they are not. Hackers have also enticed victims by posting fictitious offers and promotions, requesting contact information, and then distributing the malicious APKs via well-known messaging services like Telegram and WhatsApp.
The research group says that hackers in Russia and other nearby regions have been the primary users of these approaches. After being distributed as Malware-as-a-Service (MaaS) on dark web forums, the malware is reported to have recently gained popularity.
The APK files that hackers distribute mostly serve to get the “install unknown apps” permission enabled on users’ devices. Once that permission is granted, the dropper app installs the actual (and destructive) program containing Albiriox.
According to Android Authority, the research organization has already caught over 400 fraudulent apps that target consumers in categories including banking, fintech, digital payments, and cryptocurrencies. Rather than obtaining users’ login credentials, these apps enable hackers to conduct transactions directly in users’ banking apps.
Because the malware works covertly and silently, you should be wary of any unfamiliar programs you install, especially if they appear to be connected to banking or any other financial service. Make sure you have the most recent Play Protect update installed and that you only download apps from the official Google Play Store app.
In terms of updates, make sure your device has the most recent supported firmware, as this contains patches for recently discovered vulnerabilities. Google has also published the December Android Security Bulletin.
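To check a device for the dropper pattern described above, the following added example (not from Cleafy or Android Authority) lists apps that were not installed through the Play Store and flags those that also hold the “install unknown apps” permission. It assumes the usual output formats of the two adb commands named in the comments; the package names and sample output are constructed.

```python
import re

# Constructed sample of: adb shell pm list packages -i -3
# (-3 = third-party apps only, -i = show the installer package)
PM_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.example.coupons  installer=null
package:com.example.chat  installer=com.android.vending
package:com.example.player  installer=com.google.android.packageinstaller
"""

# Constructed sample of: adb shell appops query-op REQUEST_INSTALL_PACKAGES allow
# (packages currently allowed to "install unknown apps")
APPOPS_OUTPUT = """\
com.android.vending
com.example.coupons
"""

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def parse_installers(pm_output):
    """Map package name -> installer package (None when none is recorded)."""
    result = {}
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkg, installer = m.groups()
            result[pkg] = None if installer == "null" else installer
    return result


def audit(pm_output, appops_output):
    """Return (sideloaded, possible_droppers) as sorted lists of package names."""
    installers = parse_installers(pm_output)
    sideloaded = sorted(p for p, i in installers.items()
                        if i not in TRUSTED_INSTALLERS)
    can_install = {l.strip() for l in appops_output.splitlines() if l.strip()}
    # A sideloaded app that may itself install further APKs deserves review.
    droppers = [p for p in sideloaded if p in can_install]
    return sideloaded, droppers


if __name__ == "__main__":
    sideloaded, droppers = audit(PM_OUTPUT, APPOPS_OUTPUT)
    print("Not installed via Play Store:", sideloaded)
    print("Sideloaded and allowed to install other apps:", droppers)
```

A flagged package is a lead for review, not proof of infection; browsers and file managers legitimately request this permission.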


