Albiriox Austrian-targeting distribution campaign
Campaign
Summary
The Albiriox distribution campaign targeted Austrian victims, using German-language SMS lures and fake Google Play Store listings to deliver a dropper APK and enable mobile fraud. The activity matters because it combines social engineering, credential theft, and remote device control against users in a specific country. The operation also shows a shift from lure messages to lookalike app pages and a phone-number collection flow for follow-on delivery.
Related Happenings
BTMOB phishing campaign targeting Android users in Brazil and beyond
Campaign
First: 26.05.2026 17:00
Last: 26.05.2026 17:00
Sources 1
About this happening:
The **BTMOB phishing distribution campaign** is pushing **malicious APKs** through **fake app stores**, expanding Android compromise risk across **Brazil and beyond**. Operators l...
Nimbus Manticore multi-wave aviation and software phishing and SEO poisoning campaign
Campaign
First: 26.05.2026 10:13
Last: 26.05.2026 10:13
Sources 1
About this happening:
Nimbus Manticore's **February-April 2026** campaign widened into **multi-wave phishing and SEO poisoning**, increasing risk to organizations in the **U.S., Europe, and the Middle...
Trapdoor Android malvertising and ad-fraud campaign
Campaign
First: 19.05.2026 19:38
Last: 19.05.2026 19:38
Sources 1
About this happening:
The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Mirax Android banking trojan with residential proxy nodes
Malware Activity
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
Mirax is spreading across **Europe** with **remote access** and **residential proxy** features, increasing the risk of device compromise, data theft, and traffic abuse. The Androi...
Mirax social media ad campaign targeting Spanish-speaking users
Campaign
First: 13.04.2026 17:30
Last: 13.04.2026 17:30
Sources 1
About this happening:
The **Mirax** distribution campaign is using **social media advertisements** and **fake IPTV or streaming apps** to reach **Spanish-speaking users** at scale, raising the risk of...
Timeline
- 01.12.2025 10:45 · 2 articles · 5mo ago
Albiriox targets Austrian Android users
Initial Disclosure: Albiriox malware-as-a-service targeted Austrian victims with German-language SMS lures and shortened links that led to fake Google Play Store pages for apps such as PENNY Angebote & Coupons. A related PENNY-themed website asked victims to enter a phone number to receive a WhatsApp download link, and the entered numbers were exfiltrated to a Telegram bot. The delivery chain used dropper APKs to install the main malware, which supports VNC-based remote control, accessibility-driven interaction, overlays, and an unencrypted TCP C2 for on-device fraud and stealth.
Sources:
- New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control — thehackernews.com — 01.12.2025 10:45
- New Android Albiriox Malware Gains Traction in Dark Web Markets — www.infosecurity-magazine.com — 01.12.2025 18:30