Albiriox Android trojan: how this RAT drains accounts and how to stay safe
Learn how the Android trojan Albiriox (RAT) hijacks devices, abuses Accessibility, and drains banking and crypto apps. See warning signs and smart defenses.
Cybersecurity specialists have uncovered a new Android trojan called Albiriox that can seize control of a device and siphon off money through banking and crypto apps. According to Cleafy researchers, it belongs to the RAT (Remote Access Trojan) family: once on a phone, it can take remote control and carry out financial actions without the owner’s consent.
Albiriox is especially dangerous because it doesn’t stop at stealing passwords or one-time codes. It can disguise its activity by throwing up black screens and exploiting Accessibility features, leaving the user unaware that logins and payment approvals are happening in the background. In practice, that means a direct risk of funds being withdrawn while everything appears normal — a troubling combination by any measure.
The malware spreads through malicious APK files dressed up as legitimate apps. The scheme often starts with fake promotions and tempting “deals,” after which the target is persuaded to install a file sent via a messenger. Delivery channels include WhatsApp and Telegram, where people receive an “app” or an “update” that brings the trojan along for the ride.
The defenses here are straightforward and effective: install apps only from the official store, avoid APKs from emails, messengers, and shady sites, and scrutinize permission requests — especially anything tied to Accessibility. Even though malicious apps sometimes slip into Google Play, the official store’s checks are much stronger and the odds of a fast takedown are higher.
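For readers comfortable with adb, the permission check above can be scripted. This is an added example, not code from Cleafy or the original article: it lists the apps with Accessibility enabled and flags those that were neither preinstalled nor installed by Google Play. The sample output and `com.example.*` package names are constructed, and treating only `com.android.vending` as a trusted installer is an assumption.

```python
import subprocess

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play only

# Constructed sample output (hypothetical package names), not from a real device.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.dealsapp/com.example.dealsapp.HelperService:"
               "com.example.passmgr/.AutofillService")
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=null
package:com.example.dealsapp  installer=com.google.android.packageinstaller
package:com.example.passmgr  installer=com.android.vending
"""
SAMPLE_SYSTEM = "package:com.google.android.marvin.talkback\n"

def a11y_packages(setting):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    # The value is a colon-separated list of package/class; "null" means none.
    return {c.split("/", 1)[0] for c in setting.strip().split(":") if c and c != "null"}

def package_map(listing):
    """Parse `pm list packages [-i|-s]` lines into {package: installer}."""
    result = {}
    for line in listing.splitlines():
        if line.startswith("package:"):
            pkg, _, rest = line[len("package:"):].strip().partition(" ")
            result[pkg] = rest.partition("installer=")[2].strip() or "null"
    return result

def flag_sideloaded(setting, installers, system):
    """Accessibility services that are neither preinstalled nor store-installed."""
    inst, preinstalled = package_map(installers), package_map(system)
    return [(p, inst.get(p, "null")) for p in sorted(a11y_packages(setting))
            if p not in preinstalled and inst.get(p, "null") not in TRUSTED_INSTALLERS]

def adb_shell(*args):  # needs adb on PATH and USB debugging enabled
    return subprocess.run(["adb", "shell", *args], capture_output=True,
                          text=True, check=True).stdout

def audit_device():
    """Run the same check against a connected phone instead of the sample."""
    return flag_sideloaded(
        adb_shell("settings", "get", "secure", "enabled_accessibility_services"),
        adb_shell("pm", "list", "packages", "-i"),
        adb_shell("pm", "list", "packages", "-s"))

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded(SAMPLE_A11Y, SAMPLE_INSTALLERS, SAMPLE_SYSTEM):
        print(f"review: {pkg} has Accessibility enabled, installer={installer}")
```

A flagged entry is a prompt to review that app, and an empty result does not prove a phone is clean; the installer field only records which app performed the install.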
As attacks like these multiply, Google continues to tighten its policy around sideloading with extra restrictions and warnings, though it doesn’t plan to shut off APK installs completely. For most users, the rule still holds: the fewer installs from unknown sources, the lower the chance of suddenly discovering money missing from an account.