Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets

Dec. 21, 2025, 6:24 p.m.

Description

Albiriox is a newly identified Android malware offered as Malware-as-a-Service, likely managed by Russian-speaking threat actors. It employs a two-stage deployment chain using dropper applications and packing techniques to evade detection. The malware exhibits advanced On-Device Fraud capabilities, enabling remote control, screen manipulation, and real-time interaction with infected devices. Albiriox targets over 400 global financial and cryptocurrency applications, combining VNC-based remote access and overlay attack mechanisms. The malware's sophisticated features include device takeover, real-time interaction, and unauthorized operations while remaining undetected. Its MaaS model and ongoing development suggest potential for rapid adoption among threat actors seeking efficient mobile fraud tools.

Date

  • Created: Dec. 3, 2025, 8:19 p.m.
  • Published: Dec. 3, 2025, 8:19 p.m.
  • Modified: Dec. 21, 2025, 6:24 p.m.

Indicators


Attack Patterns

Additional Information
