Overview
- Security firm Cleafy describes Albiriox as an Android Remote Access Trojan that streams the victim's screen to the operator and injects taps, swipes, and keystrokes into legitimate financial apps, so the fraudulent transaction is performed from the victim's own device and authenticated session.
- The malware abuses Android accessibility services to read and drive the UI, uses overlays, and can hide the operator's activity behind a black screen, so any OTP or other multi-factor prompt that appears on the device can be handled by the operator without the victim noticing.
- Distribution relies on sideloaded APKs delivered via fake Google Play pages, phishing landing pages, and WhatsApp or Telegram links; a dropper installs the payload behind a fake system-update UI.
- Configuration analysis shows targeting for more than 400 banking, payment, and cryptocurrency apps, signaling broad potential reach beyond initial Austrian and European victims.
- Cleafy and multiple outlets say Albiriox is sold as Malware‑as‑a‑Service, reportedly around $650 per month, with forum and Telegram chatter suggesting Russian‑language operator involvement.
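The combination the bullets above describe (a sideloaded app that holds an enabled accessibility service and can draw overlays) is something an analyst can check for on a suspect handset with three `adb shell` commands. The script below is an added example, not part of the Cleafy report or the article, and it assumes the usual output formats of `pm list packages -3 -i`, `settings get secure enabled_accessibility_services`, and `appops get <pkg> SYSTEM_ALERT_WINDOW`; the sample output embedded in it is constructed, and every package name in it is hypothetical.

```python
"""Triage a device for the sideloaded + accessibility + overlay pattern.

Added example, not Cleafy's tooling. It parses the output of three
`adb shell` commands an analyst would run on a suspect handset:

    pm list packages -3 -i                        # third-party apps + installer
    settings get secure enabled_accessibility_services
    appops get <pkg> SYSTEM_ALERT_WINDOW          # overlay permission state

The strings below are constructed sample output; package names are hypothetical.
"""
import re
from dataclasses import dataclass, field

# Constructed output of `pm list packages -3 -i` (sideloaded apps report installer=null).
PM_LIST_OUTPUT = """\
package:com.example.bank  installer=com.android.vending
package:com.sysupdate.helper  installer=null
package:org.legit.screenreader  installer=com.android.vending
package:com.example.wallet  installer=com.android.vending
"""

# Constructed output of `settings get secure enabled_accessibility_services`
# (colon-separated component names; short ".Class" names are allowed).
ENABLED_A11Y_OUTPUT = (
    "com.sysupdate.helper/com.sysupdate.helper.CoreService:"
    "org.legit.screenreader/.ReaderService"
)

# Constructed output of `appops get <pkg> SYSTEM_ALERT_WINDOW`, keyed by package.
# "No operations." is what appops prints when nothing is recorded (assumed format).
APPOPS_OUTPUT = {
    "com.example.bank": "SYSTEM_ALERT_WINDOW: deny",
    "com.sysupdate.helper": "SYSTEM_ALERT_WINDOW: allow",
    "org.legit.screenreader": "SYSTEM_ALERT_WINDOW: deny",
    "com.example.wallet": "No operations.",
}

# Installers treated as trusted; anything else (including null) counts as sideloaded.
TRUSTED_INSTALLERS = {"com.android.vending"}


@dataclass
class Finding:
    package: str
    reasons: list = field(default_factory=list)


def parse_installers(text):
    """Map package -> installer (None when the line says installer=null)."""
    out = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", text, re.M):
        pkg, inst = m.group(1), m.group(2)
        out[pkg] = None if inst == "null" else inst
    return out


def parse_enabled_a11y(text):
    """Set of packages that currently have an enabled accessibility service."""
    pkgs = set()
    for component in text.strip().split(":"):
        if "/" in component:
            pkgs.add(component.split("/", 1)[0])
    return pkgs


def overlay_allowed(appops_line):
    """True if appops reports SYSTEM_ALERT_WINDOW as allowed."""
    return bool(re.search(r"SYSTEM_ALERT_WINDOW:\s*allow", appops_line))


def triage(pm_output, a11y_output, appops_by_pkg, trusted=TRUSTED_INSTALLERS):
    """Flag packages with an accessibility service that are also sideloaded or overlay-capable.

    Accessibility alone is not enough (legitimate screen readers use it), so a
    finding requires the service plus at least one of the other two traits.
    """
    installers = parse_installers(pm_output)
    a11y = parse_enabled_a11y(a11y_output)
    findings = []
    for pkg, installer in installers.items():
        if pkg not in a11y:
            continue
        reasons = ["enabled accessibility service"]
        if installer not in trusted:
            reasons.append(f"sideloaded (installer={installer})")
        if overlay_allowed(appops_by_pkg.get(pkg, "")):
            reasons.append("SYSTEM_ALERT_WINDOW allowed")
        if len(reasons) > 1:
            findings.append(Finding(pkg, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(PM_LIST_OUTPUT, ENABLED_A11Y_OUTPUT, APPOPS_OUTPUT):
        print(f.package, "->", "; ".join(f.reasons))
```

On the constructed input only the hypothetical `com.sysupdate.helper` is flagged, on all three counts; the legitimate screen reader, which holds an accessibility service but came from the Play Store and cannot draw overlays, is left alone. Run against a real device, the same logic gives a quick first-pass list of apps worth pulling for static analysis.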