Albiriox is a newly emerged Android RAT sold as a malware-as-a-service that uses social-engineering droppers, accessibility-driven VNC remote control, and overlay attacks to enable Russian-speaking threat actors to perform on-device banking and crypto fraud against users of hundreds of financial apps worldwide.

CISA reports that two Android Framework vulnerabilities, CVE-2025-48572 and CVE-2025-48633, are being actively exploited in the wild, enabling local privilege escalation without user interaction on Android 13–16 devices and therefore require prioritized remediation as part of vulnerability management programs.