Group-IB reports that a financially motivated actor it tracks as GoldFactory used smishing/vishing/phishing and government-service impersonation to push malicious APKs and trojan droppers that install modified banking apps across parts of APAC, enabling remote control, data theft, and fraud by bypassing app security controls.

Albiriox is a newly emerged Android RAT sold as a malware-as-a-service that uses social-engineering droppers, accessibility-driven VNC remote control, and overlay attacks to enable Russian-speaking threat actors to perform on-device banking and crypto fraud against users of hundreds of financial apps worldwide.