The convergence of physical and digital security is driving a shift toward software-driven, open-architecture edge computing. Access control has typically been treated as a physical domain problem — managing who can open which doors, using specialized systems largely isolated from broader enterprise IT. However, the boundary between physical and digital security is increasingly blurring. With..

The post Rethinking Security as Access Control Moves to the Edge appeared first on Security Boulevard.

Learn how to implement granular access control policies in post-quantum AI environments to protect against advanced threats. Discover strategies for securing Model Context Protocol deployments with quantum-resistant encryption and context-aware access management.

The post Granular Access Control Policies for Post-Quantum AI Environments appeared first on Security Boulevard.

Albiriox is a new family of Android banking malware that gives attackers live remote control over infected phones, letting them quietly drain bank and crypto accounts during real sessions.

Researchers have analyzed a new Android malware family called Albiriox which is showing signs of developing rapidly and already has strong capabilities. Albiriox is sold as Malware-as-a-Service (MaaS), meaning entry-level cybercriminals can simply rent access and launch their own fraud campaigns. It was first observed in September 2025 when attackers started a limited recruitment phase.

Albiriox is an Android Remote Access Trojan (RAT) and banking Trojan built for on-device fraud, where criminals perform transactions directly on the victim’s phone instead of just stealing passwords. It has a structured architecture with loaders, command modules, and control panels tailored to financial apps and cryptocurrency services worldwide.

In one early campaign, Albiriox targeted Austria. But unlike older mobile malware that focused on a single bank or country, Albiriox already targets hundreds of banking, fintech, payment, and crypto apps across multiple regions. Its internal application-monitoring database included more than 400 applications.

Since it’s a MaaS service, attackers can distribute Albiriox in any way they like. The usual methods are through fake apps and social engineering, often via smishing or links that impersonate legitimate brands or app stores. In at least one campaign, victims were lured with a bogus retailer app that mimicked a Google Play download page to trick them into installing a malicious dropper.

The first app victims see is usually just a loader that downloads and installs the main Albiriox payload after gaining extra permissions. To stay under the radar, the malware uses obfuscation and crypting services to make detection harder for security products.

What makes Albiriox stand out?

Albiriox combines several advanced capabilities that work together to give attackers almost the same control over your phone as if they were holding it in their hands:

• Live remote control: The malware streams the device screen to the attacker, who can tap, swipe, type, and navigate in real time.
• On‑device fraud tools: Criminals can open your banking or crypto apps, start transfers, and approve them using your own device and session.
• Accessibility abuse: It misuses Android Accessibility Services to automate clicks, read on‑screen content, and bypass some security prompts.
• Overlay attacks (under active development): It can show fake login or verification screens on top of real apps to harvest credentials and codes, with templates that are being refined.
• Black‑screen masking: The malware can show a black or fake screen while the attacker operates in the background, hiding fraud from the user.

The live remote control is hidden by this masking, so victims don’t notice anything going on.

Because the fraud happens on the victim’s own device and session, criminals can often bypass multi-factor authentication and device-fingerprinting checks.

How to stay safe

If you notice strange behavior on your device or spot apps with generic names that include “utility,” “security,” “retailer,” or “investment” that you don’t remember installing from the official Play Store, run a full system scan with a trusted Android anti-malware solution.

But prevention is better:

• Only install apps from official app stores whenever possible and avoid installing apps promoted in links in SMS, email, or messaging apps.
• Before installing finance‑related or retailer apps, verify the developer name, number of downloads, and user reviews rather than trusting a single promotional link.
• Protect your devices. Use an up-to-date real-time anti-malware solution like Malwarebytes for Android, which already detects this malware.
• Scrutinize permissions. Does an app really need the permissions it’s requesting to do the job you want it to do? Especially if it asks for accessibility, SMS, or camera access.
• Keep Android, Google Play services, and all banking or crypto apps up to date so you get the latest security fixes.
• Enable multi-factor authentication on banking and crypto services, and prefer app‑based or hardware‑based codes over SMS where possible. And if possible, set up account alerts for new payees, large transfers, or logins from new devices.

IOCs

The following file hashes are detected by Malwarebytes under the listed detection names:
b6bae028ce6b0eff784de1c5e766ee33 detected as Android/Trojan.Agent.ACR3A2DCCDFH18
61b59eb41c0ae7fc94f800812860b22a detected as Android/Trojan.Dropper.ACR9B7ECE83D1
f09b82182a5935a27566cdb570ce668f detected as Android/Trojan.Banker.ACRD716BEE9D2
f5b501e3d766f3024eb532893acc8c6c detected as Android/Trojan.Agent.ACRFE97438AC5

---

We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

The US Treasury Sanctions Burma armed group and several related companies for their alleged involvement in cyber scam centers targeting American citizens. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced the designations as part of a broader effort to combat organized crime, human trafficking, and cybercriminal activities operating out of Southeast Asia. According to the Treasury Department, OFAC has sanctioned the Democratic Karen Benevolent Army (DKBA), a Burmese armed group, and four of its senior leaders for supporting cyber scam centers in Burma. These operations reportedly defraud Americans through fraudulent investment schemes.

US Treasury Sanctions Burma: OFAC Targets Armed Group and Associated Firms

The agency also designated Trans Asia International Holding Group Thailand Company Limited, Troth Star Company Limited, and Thai national Chamu Sawang, citing links to Chinese organized crime networks. These entities were found to be working with the DKBA and other armed groups to establish and expand scam compounds in the region. Under Secretary of the Treasury for Terrorism and Financial Intelligence John K. Hurley stated, “criminal networks operating out of Burma are stealing billions of dollars from hardworking Americans through online scams.” He emphasized that such activities not only exploit victims financially but also contribute to Burma’s civil conflict by funding armed organizations.

Scam Center Strike Force Established

In coordination with agencies including the Federal Bureau of Investigation (FBI), U.S. Secret Service (USSS), and Department of Justice, a new Scam Center Strike Force has been launched to counter cyber scams originating from Burma, Cambodia, and Laos. This task force will focus on investigating and disrupting the most harmful Southeast Asian scam centers, while also supporting U.S. victims through education and restitution programs. The initiative aims to combine law enforcement, financial action, and diplomatic efforts to curb illicit online operations. [caption id="attachment_106706" align="aligncenter" width="432"] Source: Department of the Treasury’s Office of Foreign Assets Control (OFAC)[/caption]

An Ongoing Effort to Protect Victims

The US Treasury Sanctions Burma action builds on previous measures targeting illicit actors in the region. Earlier in 2025, the Karen National Army (KNA) and several related companies were sanctioned for their roles in human trafficking and cyber scam activities. Additional designations in Cambodia and Burma followed, targeting groups such as the Prince Group and Huione Group for operating scam compounds and laundering proceeds from virtual currency investment scams. According to government reports, Americans lost over $10 billion in 2024 to Southeast Asia-based cyber scam operations, marking a 66 percent increase from the previous year.

Cyber Scams and Human Trafficking Links

Investigations revealed that many individuals working in scam centers are victims of human trafficking, coerced into online fraud through threats and violence. Some compounds, including Tai Chang and KK Park in Burma’s Karen State, are known hubs for cyber scams. The DKBA reportedly provides protection for these compounds while also participating in violent acts against trafficked workers. These scam networks often use messaging apps and fake investment platforms to deceive Americans. Victims are manipulated into transferring funds to scam-controlled accounts under the guise of legitimate investments.

Sanctions and Legal Implications

Following today’s actions, all property and interests of the designated individuals and entities within the United States are now blocked. The sanctions prohibit any U.S. person from engaging in transactions involving these blocked parties. Violations of OFAC regulations could lead to civil or criminal penalties. The US Treasury Sanctions Burma initiative underscores the United States’ continued commitment to disrupting global cyber scam operations, holding organized crime networks accountable, and safeguarding victims of human trafficking and financial exploitation.