Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.

Threats Tagged 'accessibility abuse'

View all threats tagged with 'accessibility abuse'. Filter and sort to focus on specific types of threats.

Pro Console Lifetime

Stop chasing alerts. Route them.

Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.

Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)

View Plans & Pricing

API access activates after upgrading in Console -> Billing.

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now

Filter Threats

Narrow down the results by type, severity, or affected countries

Search threats by title, CVE ID, or description. Maximum 100 characters.
Active filters (1):Tag: accessibility abuse

Threats Tagged 'accessibility abuse'

Click on any threat for detailed analysis and mitigation recommendations

Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign
0

This threat involves a malicious campaign impersonating an Italian banking brand to lure users with fake financial rewards. Victims are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK acts as a dropper for a second-stage payload known as Albiriox, an Android banking Remote Access Trojan. Albiriox abuses Accessibility services, performs overlay attacks, intercepts SMS messages, captures credentials, and enables remote control via a custom TCP command-and-control protocol. The campaign uses domain impersonation and social engineering with financial incentives to spread the malware. Communication occurs over raw TCP sockets on ports 5555 and 5552 using JSON messages with big-endian length prefixes. The campaign targets users in Italy.

Join the discussion
Android Banker with Complete Device Takeover Capabilities
0

A newly identified Android banking trojan named Rokarolla has been discovered, distributed through malicious websites masquerading as popular applications like TikTok or Google Chrome. The malware targets 217 distinct cryptocurrency and banking applications using 137 sophisticated commands for device control. Capabilities include harvesting lock screen credentials, exfiltrating contact lists and SMS data, deploying keyloggers, blocking calls, creating fraudulent screen overlays, and disabling Google Play Protect. The infection begins with a dropper impersonating Google Play Protect that installs a secondary payload. Rokarolla communicates with C2 infrastructure via HTTPS, uses overlays to steal banking credentials and device unlock patterns, silently monitors WhatsApp contacts, hijacks SMS and calls, manipulates clipboard content for cryptocurrency theft, and employs snapshot-based screen surveillance. It maintains persistence by hiding its icon, muting device audio, and keeping screens active indefinitely.

Join the discussion

Showing 1 to 2 of 2 results

Filters:Tag: accessibility abuse
Page 1 of 1
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses