
Albiriox Android MaaS malware with VNC fraud control

Malware Activity
Happening score
H score 21
1 unique source, 1 article

Summary


A new Android malware family, Albiriox, has emerged as a malware-as-a-service (MaaS) offering that can drive on-device fraud, manipulate screens, and remotely interact with infected phones. It embeds a hard-coded target list of 400+ apps spanning banking, fintech, payments, crypto, wallets, and trading platforms, making it a broad credential-theft threat. The malware is built to stay hidden while operating inside the victim’s legitimate session, which raises the risk of account takeover and fraudulent transactions.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

FakeWallet Apple App Store wallet-stealing apps

Malware Activity
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...

Mirax Android banking trojan with residential proxy nodes

Malware Activity
First: 13.04.2026 17:30 Last: 13.04.2026 17:30 Sources 1

About this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...

Timeline

  1. 01.12.2025 10:45 2 articles · 5mo ago

    Albiriox Android MaaS disclosure

    Initial Disclosure

    Security researchers describe Albiriox as a new Android malware-as-a-service (MaaS) family built for on-device fraud, screen manipulation, and real-time interaction with infected devices. The malware embeds a hard-coded list of over 400 banking, fintech, payment, cryptocurrency, wallet, and trading apps, and it uses dropper APKs, packing techniques, unencrypted TCP socket C2, Virtual Network Computing (VNC), accessibility-service abuse, and overlay tricks to control compromised phones and steal credentials. The first identified campaign targeted Austrian victims with German-language SMS lures and fake Google Play Store pages such as PENNY Angebote & Coupons.
