Fake government and Starlink apps used in malware campaign targeting Brazil

Researchers discovered BeatBanker, a new Android trojan campaign in Brazil that infects phones via fake apps mimicking Starlink and the INSS Reembolso portal to steal banking credentials and manipulate cryptocurrency transactions. The malware also secretly mines Monero while using battery and activity monitoring plus a nearly inaudible audio loop to maintain persistence, and some variants deliver the BTMOB remote-access trojan to give attackers full control.

Key points

  • BeatBanker spreads through fake applications and a website impersonating the Google Play Store to lure victims.
  • The malware steals banking credentials and overlays transaction screens to redirect USDT transfers on apps like Binance and Trust Wallet.
  • It secretly mines Monero and monitors battery temperature, battery level, and user activity to time mining operations and remain undetected.
  • To maintain persistence, the app continuously plays a nearly inaudible audio file so Android will not terminate it for inactivity.
  • A campaign variant delivers the BTMOB remote-access trojan for full device control, with infections observed in Brazil and distribution via WhatsApp messages and phishing pages.

Read More: https://therecord.media/fake-gov-apps-malware-android-brazil