Threats Tagged 'accessibility abuse'
View all threats tagged with 'accessibility abuse'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'accessibility abuse'
Click on any threat for detailed analysis and mitigation recommendations
Fake Banking Rewards, Telegram Delivery and Albiriox: Anatomy of an Android Malware Campaign 0 This threat involves a malicious campaign impersonating an Italian banking brand to lure users with fake financial rewards. Victims are redirected to a Telegram bot that distributes a malicious Android APK outside official app stores. The APK acts as a dropper for a second-stage payload known as Albiriox, an Android banking Remote Access Trojan. Albiriox abuses Accessibility services, performs overlay attacks, intercepts SMS messages, captures credentials, and enables remote control via a custom TCP command-and-control protocol. The campaign uses domain impersonation and social engineering with financial incentives to spread the malware. Communication occurs over raw TCP sockets on ports 5555 and 5552 using JSON messages with big-endian length prefixes. The campaign targets users in Italy. Join the discussion | AlienVault OTX General | 07/09/2026, 22:16:05 UTC Added: 07/10/2026, 07:47:32 UTC |
Android Banker with Complete Device Takeover Capabilities 0 A newly identified Android banking trojan named Rokarolla has been discovered, distributed through malicious websites masquerading as popular applications like TikTok or Google Chrome. The malware targets 217 distinct cryptocurrency and banking applications using 137 sophisticated commands for device control. Capabilities include harvesting lock screen credentials, exfiltrating contact lists and SMS data, deploying keyloggers, blocking calls, creating fraudulent screen overlays, and disabling Google Play Protect. The infection begins with a dropper impersonating Google Play Protect that installs a secondary payload. Rokarolla communicates with C2 infrastructure via HTTPS, uses overlays to steal banking credentials and device unlock patterns, silently monitors WhatsApp contacts, hijacks SMS and calls, manipulates clipboard content for cryptocurrency theft, and employs snapshot-based screen surveillance. It maintains persistence by hiding its icon, muting device audio, and keeping screens active indefinitely. Join the discussion | AlienVault OTX General | 06/16/2026, 14:27:52 UTC Added: 06/16/2026, 17:16:15 UTC |
Showing 1 to 2 of 2 results