
New dual-purpose BeatBanker Android malware examined


Android users in Brazil have been targeted with the new BeatBanker malware, which is distributed in the form of a fake Starlink app on bogus Google Play Store sites and features both banking trojan and cryptocurrency mining capabilities, reports BleepingComputer.

Installing the APK file that purports to be the Starlink app triggers anti-analysis environment checks, followed by the display of a counterfeit Play Store update screen that permits further payload delivery, according to findings from a Kaspersky analysis. After playing an almost inaudible five-second Chinese MP3 recording for persistence, BeatBanker proceeds to launch a banking trojan and a modified version of the XMRig miner, version 6.17.0, whose operation could depend on device conditions.

More recent iterations of BeatBanker were observed to have replaced the banking module with the BTMOB RAT, which could facilitate total device compromise, screen recording, credential exfiltration, keylogging, camera access, and GPS tracking. With such a threat potentially expanding outside Brazil, Android users have been warned against sideloading APKs from external stores.
