Delete this message immediately.
This warning is very simple. Android users are now under attack from dangerous new malware that will steal crypto and steal banking credentials to empty accounts. The threat is delivered by a WhatsApp message — if you see it, you delete it. Period.
The warning comes courtesy of Cleafy, which has “identified and analyzed Albiriox, a newly emerging Android malware family promoted as a Malware-as-a-Service (MaaS) within underground cybercrime forums.”
The malware will fully take over phones, targeting more than 400 crypto wallets and banking applications. It works by triggering overlay attacks, where a malicious screen is stealthily displayed over a genuine banking or wallet app, intercepting and exfiltrating your credentials as you type them into your phone.
The attacker starts with a link to a fake Google Play Store, which currently presents a spoofed version of a popular discount retail app but could be repurposed for anything. The page does not include a direct download link; instead, it requests a phone number and tells would-be users the app link will be delivered by WhatsApp.
[Image: Malware installation. Credit: Cleafy]
To describe this as just a red flag would be a staggering understatement. This is the very reason Google is cracking down on sideloading, controversially mandating that all app developers register and prove their identity. While savvy users want to maintain their freedom, it’s day-to-day users who are duped by schemes such as this.
You must never give away your phone number or agree to receive an app link in this way. And if you do ever receive app installs via WhatsApp messages, do not click the links and delete the message. Installing the app will open the door to hackers.
Yes, there may be some exceptions. Very specific apps installed in very specific circumstances. But unless you tick all those boxes, this is dangerous. Period.
This highlights “the ongoing evolution and increasing sophistication of mobile banking threats,” Cleafy says. “Albiriox represents a rapidly evolving threat,” but you can stay safe by sticking to legitimate Play Store installs and ensuring Play Protect is enabled.
