502/68 Tuesday, December 2, 2025

Cybersecurity firm Cleafy has reported the discovery of a new Android malware called Albiriox, developed by a Russian-speaking cybercriminal group and advertised on underground forums as a Malware-as-a-Service (MaaS) for $720 per month. The malware is classified as a banking trojan designed specifically for on-device fraud (ODF), enabling attackers to remotely control an infected Android device and perform financial or crypto transactions on behalf of the victim. While its remote access capabilities are already fully functional, its overlay attack mechanism, which uses phishing screens over legitimate apps, is still under development.
Albiriox was first identified in September 2025, followed by a subscription-based service launch in October, during which the developer began recruiting testers. One of the earliest campaigns targeted users in Austria through a fake Penny supermarket app acting as a dropper, which requested elevated permissions and then installed the Albiriox payload. Analysis indicates that the malware targets over 400 apps globally, spanning banking, cryptocurrency, fintech, digital wallets, trading, payments, investment, and gaming services.
To enhance its ability to evade detection, the developers have integrated a builder that works with an encryptor service called Golden Crypt, which obfuscates code and increases successful installation rates—particularly during multi-stage infection and device takeover via the Accessibility Service. Cleafy notes that while Albiriox is still under development, its core functionality related to device control and fraudulent transactions is fully operational and likely to be deployed more widely in the near future.
Source: https://www.securityweek.com/new-albiriox-android-malware-developed-by-russian-cybercriminals/
