← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets | Cleafy Labs
WHITE CyberHunter_NL 2025-12-03 Modified: 2026-01-02
13
IOCs
MEDIUM VOLUME
A newly identified Android banking malware, Albiriox, is being developed and marketed as a Malware-as-a-Service (MaaS), according to the Cleafy Threat Intelligence team.
albirioxandroid bankingoverlaysystem updatetrojangolden cryptac vncaccessibilityinstallunknown appsandroidanalyzingodfremote access
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Analyzing ODF Remote Access Albiriox
Indicators of Compromise (13)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 61b59eb41c0ae7fc94f800812860b22a 2025-12-03
FileHash-MD5 b6bae028ce6b0eff784de1c5e766ee33 2025-12-03
FileHash-MD5 f09b82182a5935a27566cdb570ce668f 2025-12-03
FileHash-MD5 f5b501e3d766f3024eb532893acc8c6c 2025-12-03
FileHash-SHA1 731a13bad6316fda68c9d57fb4e562dd0c1130ce SHA1 of 61b59eb41c0ae7fc94f800812860b22a 2025-12-03
FileHash-SHA256 5e14181839816bbb4b55badc91f29d382e8d6f603eec2ed8f8b731c35def6b59 SHA256 of 61b59eb41c0ae7fc94f800812860b22a 2025-12-03
domain google-aplication.download 2025-12-03
domain google-app-download.download 2025-12-03
domain google-app-get.com 2025-12-03
domain google-app-install.com 2025-12-03
domain google-get-app.com 2025-12-03
domain google-get.download 2025-12-03
hostname play.google-get.store 2025-12-03
References (1)
↗ https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets