Albiriox Austrian-targeting distribution campaign
Campaign
Summary
Hide ▲
Show ▼
The Albiriox distribution campaign targeted Austrian victims, using German-language SMS lures and fake Google Play Store listings to deliver a dropper APK and enable mobile fraud. The activity matters because it combines social engineering, credential theft, and remote device control against users in a specific country. The operation also shows a shift from lure messages to lookalike app pages and a phone-number collection flow for follow-on delivery.
Related Happenings
Booking.com partner accommodation phishing campaign targeting Japan
Campaign
H score32
First: 30.06.2026 13:30
Last: 30.06.2026 13:30
Sources 1
About this happening:
A **phishing campaign** is targeting **Booking.com partner accommodations in Japan** with guest-complaint and review-request lures that deliver **malicious files** for **TONResolv...
Booking.com partner accommodation phishing campaign targeting Japan
CampaignAbout this happening: A **phishing campaign** is targeting **Booking.com partner accommodations in Japan** with guest-complaint and review-request lures that deliver **malicious files** for **TONResolv...
WhatsApp VBScript phishing campaign targeting users in multiple countries
Campaign
H score43
First: 23.06.2026 01:42
Last: 23.06.2026 01:42
Sources 1
About this happening:
An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
WhatsApp VBScript phishing campaign targeting users in multiple countries
CampaignAbout this happening: An **ongoing phishing campaign** is using **compromised WhatsApp accounts** to send **obfuscated VBScript files** to users in **multiple countries**, creating a path to **remote s...
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score53
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Outsider Telegram-run smishing campaign targeting Americans
CampaignAbout this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Latest development: 14.06.2026 17:36
The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical Analysis
H score16
First: 03.06.2026 22:11
Last: 03.06.2026 22:11
Sources 1
About this happening:
Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google Gemini on Android notification-injection bypass using Fake Context Alignment
Technical AnalysisAbout this happening: Researchers found a **notification-based prompt-injection bypass** in **Google Gemini on Android** that could turn hostile notification text into **unauthorized assistant actions*...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/Service
H score20
First: 03.06.2026 12:02
Last: 03.06.2026 12:02
Sources 1
About this happening:
**Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Google rolls out Android fake call detection against AI impersonation scam calls
Security Tool/ServiceAbout this happening: **Google** is rolling out **fake call detection** on **Android 12 and later** devices this month, giving users a built-in warning when a caller may be using **AI voice-cloning** o...
Timeline
-
01.12.2025 10:45 2 articles · 7mo ago
Albiriox targets Austrian Android users
Initial DisclosureAlbiriox malware-as-a-service targeted Austrian victims with German-language SMS lures and shortened links that led to fake Google Play Store pages for apps such as PENNY Angebote & Coupons. A related PENNY-themed website asked victims to enter a phone number to receive a WhatsApp download link, and the entered numbers were exfiltrated to a Telegram bot. The delivery chain used dropper APKs to install the main malware, which supports VNC-based remote control, accessibility-driven interaction, overlays, and an unencrypted TCP C2 for on-device fraud and stealth.
Show sources
- New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control — thehackernews.com — 01.12.2025 10:45
- New Android Albiriox Malware Gains Traction in Dark Web Markets — www.infosecurity-magazine.com — 01.12.2025 18:30