Saved February 14, 2026
Albiriox is a new Android malware that gives attackers full control over infected devices, enabling financial fraud. It spreads through deceptive SMS messages and fake apps, using advanced techniques to evade detection. The malware is part of a subscription-based service offered by Russian-speaking cybercriminals.
A new Android malware known as Albiriox is making waves in the cybercrime world. Identified by Cleafy researchers, this malware operates as a Malware-as-a-Service (MaaS), allowing attackers to gain complete control over infected devices. Albiriox emerged in September 2025 in underground forums and rapidly transitioned to a commercial service by October, with a subscription fee of around $650 per month.
The malware employs a deceptive two-stage infection process. Victims are lured through SMS messages that promise discounts, leading them to a fraudulent Google Play Store page. After the victim downloads a dropper application, the malware installs itself by requesting permissions that let it fetch the main payload from a command-and-control server. Albiriox targets over 400 financial and cryptocurrency applications, using sophisticated evasion techniques like the "Golden Crypt" obfuscation method to avoid detection by antivirus software.
Once active, Albiriox utilizes Accessibility Services to conduct overlay attacks and keylogging, making it particularly dangerous for financial transactions. Its ability to stream screens while manipulating accessibility features allows attackers to operate without detection, posing a significant threat to both users and financial institutions.