Albiriox Android malware activity
Malware Activity
Summary
Hide ▲
Show ▼
Albiriox is an Android malware family now being sold as Malware-as-a-Service, and it matters because it enables remote device takeover and real-time fraud against financial apps. The threat already targets more than 400 banking and cryptocurrency applications worldwide. It also moved from private beta in September 2025 to a public model in October 2025, expanding its reach.
Related Happenings
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware Activity
First: 12.05.2026 15:50
Last: 12.05.2026 15:50
Sources 1
About this happening:
A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
TrickMo Android banking trojan variant with TON C2 and network pivots
Malware ActivityAbout this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
Campaign
First: 08.05.2026 18:08
Last: 08.05.2026 18:08
Sources 1
About this happening:
The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
CallPhantom Google Play fraud campaign targeting Android users in India and Asia-Pacific
CampaignAbout this happening: The **CallPhantom** fraud campaign pushed **28 fake call-history Android apps** through the **Google Play Store**, causing **financial loss** for users who paid for fabricated dat...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
First: 24.04.2026 14:48
Last: 24.04.2026 14:48
Sources 1
About this happening:
**MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical AnalysisAbout this happening: **MiningDropper (BeatBanker)** now stands out as a **layered modular Android malware framework** that can reuse one delivery chain across **hundreds of samples**, making **static...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax Android banking trojan with residential proxy nodes
Malware ActivityAbout this happening: Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Timeline
-
01.12.2025 18:30 2 articles · 5mo ago
Albiriox Android malware activity
Initial DisclosureThe earliest observed phase was a **limited rollout** that used **SMS links** and a fake **Google Play** site to push a malicious **"Penny Market" app** dropper. That stage filtered toward **Austrian mobile users** and then delivered the final **Albiriox** payload.
Show sources
- New Android Albiriox Malware Gains Traction in Dark Web Markets — www.infosecurity-magazine.com — 01.12.2025 18:30
- New Android Albiriox Malware Gains Traction in Dark Web Markets — www.infosecurity-magazine.com — 01.12.2025 18:30