Albiriox Android MaaS malware with VNC fraud control
Malware Activity
Summary
Hide ▲
Show ▼
A new Android malware family, Albiriox, has emerged as a malware-as-a-service (MaaS) offering that can drive on-device fraud, manipulate screens, and remotely interact with infected phones. It embeds a hard-coded target list of 400+ apps spanning banking, fintech, payments, crypto, wallets, and trading platforms, making it a broad credential-theft threat. The malware is built to stay hidden while operating inside the victim’s legitimate session, which raises the risk of account takeover and fraudulent transactions.
Related Happenings
RedWing Android bank-fraud malware rental service
Malware Activity
H score21
First: 07.07.2026 20:10
Last: 07.07.2026 20:10
Sources 1
About this happening:
The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
RedWing Android bank-fraud malware rental service
Malware ActivityAbout this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
Rokarolla device-profiling targeting campaign
Campaign
H score32
First: 16.06.2026 23:04
Last: 16.06.2026 23:04
Sources 1
About this happening:
The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...
Rokarolla device-profiling targeting campaign
CampaignAbout this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare Android malware spreads via fake banking-app updates
Malware ActivityAbout this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware Activity
H score65
First: 03.06.2026 00:54
Last: 03.06.2026 00:54
Sources 1
About this happening:
**WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access
Malware ActivityAbout this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...
Timeline
-
01.12.2025 10:45 2 articles · 7mo ago
Albiriox Android MaaS disclosure
Initial DisclosureSecurity researchers describe Albiriox as a new Android malware-as-a-service (MaaS) family built for on-device fraud, screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list of over 400 banking, fintech, payment, cryptocurrency, wallet, and trading apps, and it uses dropper APKs, packing techniques, unencrypted TCP socket C2, Virtual Network Computing (VNC), accessibility-service abuse, and overlay tricks to control compromised phones and steal credentials. The first identified campaign targeted Austrian victims with German-language SMS lures and fake Google Play Store pages such as PENNY Angebote & Coupons.
Show sources
- New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control — thehackernews.com — 01.12.2025 10:45
- New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control — thehackernews.com — 01.12.2025 10:45