My Data Zero

“Albiriox”: A New Scam Tool That Lets Criminals Peek Into Your Phone And Access Your Financial Apps

Android Personal Data Protection

Written by

My Data Zero Team

in

As part of our Android Personal Data Protection reportage, today, we’ll talk about a new threat called “Albiriox” that is being used by online criminals to gain access to people’s phones.

According to cleafy.com, it’s being sold to cybercriminals on underground websites, meaning many attackers can use it at once.

Watch out! This threat is largely delivered over WhatsApp!

The main goal: steal money by breaking into banking and cryptocurrency apps.

It works by tricking people into installing fake apps or phony updates.

Once inside, attackers can see your screen, control your device, and steal information without you noticing.

Android Personal Data Protection: What’s Happening in Simple Terms

Researchers discovered that criminals have created a tool that lets them remotely access someone’s Android phone, as if they were holding it in their hands.

They promote this tool online, charging monthly fees to other scammers who want to use it. Videos shared between criminals show that they can even see screens that are normally protected, such as banking apps or password fields.

In plain words:
If someone installs the fake app, criminals could watch what you do, read what’s on your screen, and get into sensitive apps.

How People Are Being Targeted

  • Scam text messages are being sent to people, starting in Austria and now spreading globally.
  • These messages lead to fake versions of real websites, such as imitation Google Play pages.
  • Victims think they are installing a store app or a system update, but they’re actually installing the attacker’s software.
  • Some versions even ask for your phone number and send it to criminals through private messaging channels.

What This Scam Tries to Access

Once installed, the tool tries to gather or control:

  • Your banking and crypto apps (over 400 different apps are targeted)
  • Your screen activity
  • Passwords or login details
  • Your ability to control the phone (taps, swipes, typing)
  • Your device visibility (they can make your screen go black while they operate in the background)

Again, the focus isn’t on breaking your phone. It’s about breaking into your personal life and finances.

What It Lets Criminals Do

Without needing your permission again, attackers can:

  • See what you see
  • Type or tap on your behalf
  • Open apps
  • Steal login information
  • Cover your screen so you don’t notice what’s happening
  • Move money from your accounts

All of this is done quietly, aiming to get access to your personal data and financial information.

Why This Matters for Your Personal Data

Albiriox isn’t just a “virus”—it’s a data-stealing tool designed to:

  • Trick you into sharing personal information
  • Take over accounts where your most sensitive data lives
  • Quietly observe everything happening on your device
  • Access apps meant to protect your money and identity

This makes it a direct threat to your privacy and the security of your personal information.

✔️ How You Can Protect Yourself

  • Never install apps from links in text messages or emails.
  • Only download apps directly from the official Google Play Store.
  • Be suspicious of apps claiming to be “updates” that don’t come from your phone’s settings.
  • Check permissions carefully. Don’t allow apps to control your device or read everything on screen.
  • If something feels off, stop and double-check before installing.

Credits

Based on research by Cleafy Labs Threat Intelligence Team.

More posts