Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets
Albiriox is a newly identified Android malware offered as Malware-as-a-Service, likely managed by Russian-speaking threat actors. It employs a two-stage deployment chain using dropper applications and packing techniques to evade detection. The malware exhibits advanced On-Device Fraud capabilities, enabling remote control, screen manipulation, and real-time interaction with infected devices. Albiriox targets over 400 global financial and cryptocurrency applications, combining VNC-based remote access and overlay attack mechanisms. The malware's sophisticated features include device takeover, real-time interaction, and unauthorized operations while remaining undetected. Its MaaS model and ongoing development suggest potential for rapid adoption among threat actors seeking efficient mobile fraud tools.
MITRE ATT&CK & Malware Families
Indicators of Compromise (4 / 19 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED |
|---|---|---|---|
| FileHash-MD5 | 61b59eb41c0ae7fc94f800812860b22a | — | 2025-12-03 |
| FileHash-MD5 | b6bae028ce6b0eff784de1c5e766ee33 | — | 2025-12-03 |
| FileHash-MD5 | f09b82182a5935a27566cdb570ce668f | — | 2025-12-03 |
| FileHash-MD5 | f5b501e3d766f3024eb532893acc8c6c | — | 2025-12-03 |