Concise Cyber

New Albiriox Android Malware Offered as MaaS on Dark Web Markets

Albiriox Malware Surfaces on Dark Web

Cybersecurity researchers at ThreatFabric have identified a new Android malware named Albiriox. The malware is being actively advertised and sold on dark web forums as a Malware-as-a-Service (MaaS) package. The threat actor promoting Albiriox operates under the alias ‘Albirio.’ This MaaS is available for purchase via a subscription model, listed at $200 per month or $1000 for a lifetime license.

Technical Capabilities and Functionality

Albiriox is a Remote Access Trojan (RAT) that leverages Android’s Accessibility Services to carry out its functions. Its documented capabilities include keylogging and capturing screenshots from the infected device. The malware contains a Virtual Network Computing (VNC) module, which grants the operator remote control over the device’s screen. Researchers confirmed that Albiriox is designed to steal data from two-factor authentication (2FA) applications like Google Authenticator and can exfiltrate cryptocurrency wallet seed phrases. Furthermore, the malware utilizes web injections targeting more than 43 specific applications to steal user credentials. While ThreatFabric noted that Albiriox is in its early stages of development, the firm has observed it being used in the wild.
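Because the capabilities above depend on an enabled Accessibility Service, a defender can review which apps hold one on a device. The following is an added example, not code from ThreatFabric or the article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i` and lists services that are neither allowlisted nor installed from a trusted store. The allowlist, the trusted-installer set and the sample data are assumptions, and the installer check is a general triage heuristic rather than a detail reported about Albiriox.

```python
# Added example: audit which apps hold an enabled Accessibility Service.
# Inputs are the text output of two adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only
ALLOWLIST = {"com.google.android.marvin.talkback"}  # assumption: approved apps

def parse_enabled_services(raw):
    """Split the colon-separated setting into (package, service_class) pairs."""
    raw = raw.strip()
    if not raw or raw == "null":  # setting unset or empty
        return []
    pairs = []
    for comp in raw.split(":"):
        pkg, _, cls = comp.partition("/")
        # A leading dot means the class name is relative to the package.
        pairs.append((pkg, pkg + cls if cls.startswith(".") else cls))
    return pairs

def parse_installers(raw):
    """Map package name -> installer from 'package:NAME  installer=PKG' lines."""
    installers = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            name, _, inst = line[len("package:"):].partition("installer=")
            installers[name.strip()] = inst.strip() or "null"
    return installers

def audit(services_raw, packages_raw):
    """Return (package, service, installer) tuples that need manual review."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        inst = installers.get(pkg, "unknown")
        if pkg not in ALLOWLIST and inst not in TRUSTED_INSTALLERS:
            findings.append((pkg, cls, inst))
    return findings

# Constructed sample output (not from a real device or from the article).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService"
    ":com.example.updater/.CoreService"
    ":com.example.passwordmgr/com.example.passwordmgr.AutofillA11y"
)
SAMPLE_PACKAGES = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.updater  installer=null
package:com.example.passwordmgr  installer=com.android.vending"""
```

A finding is a prompt for review, not a verdict: legitimate sideloaded or enterprise-deployed apps will also appear until they are added to the allowlist.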

Source: https://www.infosecurity-magazine.com/news/android-maas-malware-albiriox-dark/