Find notable cyber news and cases, enriched with sources, timelines, and signals.

Albiriox Android MaaS malware with VNC fraud control

Malware Activity
First reported
Last updated
Happening score
H score 27
1 unique sources, 1 articles

Summary

Hide ▲

A new Android malware family, Albiriox, has emerged as a malware-as-a-service (MaaS) offering that can drive on-device fraud, manipulate screens, and remotely interact with infected phones. It embeds a hard-coded target list of 400+ apps spanning banking, fintech, payments, crypto, wallets, and trading platforms, making it a broad credential-theft threat. The malware is built to stay hidden while operating inside the victim’s legitimate session, which raises the risk of account takeover and fraudulent transactions.

Related Happenings

RedWing Android bank-fraud malware rental service

Malware Activity
H score21 First: 07.07.2026 20:10 Last: 07.07.2026 20:10 Sources 1

About this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...

Rokarolla device-profiling targeting campaign

Campaign
H score32 First: 16.06.2026 23:04 Last: 16.06.2026 23:04 Sources 1

About this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...

Rokarolla Android banking trojan activity

Malware Activity
H score26 First: 16.06.2026 16:15 Last: 16.06.2026 16:15 Sources 1

About this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...

NFCShare Android malware spreads via fake banking-app updates

Malware Activity
H score21 First: 09.06.2026 01:11 Last: 09.06.2026 01:11 Sources 1

About this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...

WeedHack Minecraft MaaS campaign expands with malicious JARs and remote access

Malware Activity
H score65 First: 03.06.2026 00:54 Last: 03.06.2026 00:54 Sources 1

About this happening: **WeedHack** is a **Minecraft-focused malware-as-a-service** operation that has been active since **January 2026** and uses **SEO poisoning** and **YouTube** to push malicious dow...

Timeline

  1. 01.12.2025 10:45 2 articles · 7mo ago

    Albiriox Android MaaS disclosure

    Initial Disclosure

    Security researchers describe Albiriox as a new Android malware-as-a-service (MaaS) family built for on-device fraud, screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list of over 400 banking, fintech, payment, cryptocurrency, wallet, and trading apps, and it uses dropper APKs, packing techniques, unencrypted TCP socket C2, Virtual Network Computing (VNC), accessibility-service abuse, and overlay tricks to control compromised phones and steal credentials. The first identified campaign targeted Austrian victims with German-language SMS lures and fake Google Play Store pages such as PENNY Angebote & Coupons.

    Show sources