← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Albiriox Exposed: A New RAT Mobile Malware Targeting Global Finance and Crypto Wallets
WHITE PetrP.73 2025-12-05 Modified: 2026-01-04
19
IOCs
MEDIUM VOLUME
Albiriox is a newly identified family of Android malware emerging as a Malware-as-a-Service (MaaS) that targets global financial and cryptocurrency sectors. Managed by Russian-speaking threat actors, Albiriox shows active development and a sophisticated two-stage deployment strategy designed to evade detection. The initial delivery mechanism involves dropper applications disguised as legitimate software, utilizing social engineering tactics, including the creation of fake Google Play pages.
albirioxandroid bankingoverlaysystem updatetrojangolden cryptac vncaccessibilityinstallunknown appsandroidanalyzingodfremote access
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Albiriox
Indicators of Compromise (19)
All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname
TYPEINDICATORDESCRIPTIONCREATED
FileHash-MD5 61b59eb41c0ae7fc94f800812860b22a 2025-12-05
FileHash-MD5 b6bae028ce6b0eff784de1c5e766ee33 2025-12-05
FileHash-MD5 f09b82182a5935a27566cdb570ce668f 2025-12-05
FileHash-MD5 f5b501e3d766f3024eb532893acc8c6c 2025-12-05
FileHash-SHA1 1bf53adfede11f6857a95d7b74b40011ff201009 SHA1 of b6bae028ce6b0eff784de1c5e766ee33 2025-12-05
FileHash-SHA1 731a13bad6316fda68c9d57fb4e562dd0c1130ce SHA1 of 61b59eb41c0ae7fc94f800812860b22a 2025-12-05
FileHash-SHA1 b0913e8cbff6a9623cf97a3d4d796ec259e24df7 SHA1 of f5b501e3d766f3024eb532893acc8c6c 2025-12-05
FileHash-SHA1 bb2b152adbba554409746bf64d8df71d80a236ea SHA1 of f09b82182a5935a27566cdb570ce668f 2025-12-05
FileHash-SHA256 070640095c935c245f960e4e2e3e93720dd57465c81fa9c72426ee008c627bf3 SHA256 of b6bae028ce6b0eff784de1c5e766ee33 2025-12-05
FileHash-SHA256 5e14181839816bbb4b55badc91f29d382e8d6f603eec2ed8f8b731c35def6b59 SHA256 of 61b59eb41c0ae7fc94f800812860b22a 2025-12-05
FileHash-SHA256 630b047722d553495def3b8e744f2f621209e1a77389c09a9a972eeb243f9ed8 SHA256 of f09b82182a5935a27566cdb570ce668f 2025-12-05
FileHash-SHA256 a0c9d6eb1932c96a11301c00cf96ce9767fb11401e090f215f972df06b09a878 SHA256 of f5b501e3d766f3024eb532893acc8c6c 2025-12-05
domain google-aplication.download 2025-12-05
domain google-app-download.download 2025-12-05
domain google-app-get.com 2025-12-05
domain google-app-install.com 2025-12-05
domain google-get-app.com 2025-12-05
domain google-get.download 2025-12-05
hostname play.google-get.store 2025-12-05
References (1)
↗ https://www.cleafy.com/cleafy-labs/albiriox-rat-mobile-malware-targeting-global-finance-and-crypto-wallets#6