{
  "name": "Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets",
  "slug": "albiriox-exposed-a-new-rat-mobile-malware-targeting-global-finance-and-crypto-wallets",
  "description": "Albiriox is a newly identified Android malware family offered as Malware-as-a-Service (MaaS), likely managed by Russian-speaking threat actors. It employs a two-stage deployment chain using dropper applications and packing techniques to evade detection. The malware exhibits advanced On-Device Fraud capabilities, enabling remote control, screen manipulation, and real-time interaction with infected devices. Albiriox targets over 400 global financial and cryptocurrency applications, combining VNC-based remote access and overlay attack mechanisms. Together, these features enable device takeover, real-time interaction, and unauthorized operations on the device while the malware remains undetected. Its MaaS model and ongoing development suggest potential for rapid adoption among threat actors seeking efficient mobile fraud tools.",
  "published": "2025-12-03T19:19:09+00:00",
  "created_at": "2025-12-03T19:19:09+00:00",
  "modified_at": "2025-12-21T17:24:12+00:00",
  "created_at_opencti": "2025-12-03T19:19:09+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-12-03",
    "albiriox",
    "android",
    "banking trojan",
    "cryptocurrency",
    "evasion techniques",
    "maas",
    "on-device fraud",
    "overlay attacks",
    "rat",
    "vnc"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "5e14181839816bbb4b55badc91f29d382e8d6f603eec2ed8f8b731c35def6b59"
      },
      {
        "id": "",
        "name": "a0c9d6eb1932c96a11301c00cf96ce9767fb11401e090f215f972df06b09a878"
      },
      {
        "id": "",
        "name": "630b047722d553495def3b8e744f2f621209e1a77389c09a9a972eeb243f9ed8"
      },
      {
        "id": "",
        "name": "070640095c935c245f960e4e2e3e93720dd57465c81fa9c72426ee008c627bf3"
      }
    ],
    "malware": [
      {
        "id": "legacy:malware:9cb51665e04e829a",
        "name": "Albiriox",
        "slug": "albiriox"
      }
    ],
    "attack_patterns": [
      {
        "id": "16e4fc82-7c0b-4d1a-b784-b804b4df26dc",
        "name": "T1204.001"
      },
      {
        "id": "9f11a241-9abc-4c57-95dd-33955ab08826",
        "name": "T1078"
      },
      {
        "id": "cf746a02-00ea-419e-912d-7b03f969c491",
        "name": "T1518.001"
      },
      {
        "id": "dc410646-9cdd-427b-92e7-179a54f78f90",
        "name": "T1566.001"
      },
      {
        "id": "2e0c6db7-16a7-4bf6-992e-263474014fce",
        "name": "T1059.004"
      },
      {
        "id": "5999052b-e9ae-49e8-9235-d9bf975c22af",
        "name": "T1547.001"
      },
      {
        "id": "52b92395-d3d3-4e05-976a-0fccccfce8d2",
        "name": "T1566.002"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "google-app-install.com"
      },
      {
        "id": "",
        "name": "google-app-get.com"
      },
      {
        "id": "",
        "name": "google-app-download.download"
      },
      {
        "id": "",
        "name": "google-get.download"
      },
      {
        "id": "",
        "name": "google-aplication.download"
      },
      {
        "id": "",
        "name": "play.google-get.store"
      },
      {
        "id": "",
        "name": "google-get-app.com"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/69309b3dc9fb51eed9634ec3",
    "https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets"
  ]
}