Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

BeatBanker Android malware activity

Malware Activity
First reported
Last updated
Happening score
H score 16
2 unique sources, 2 articles

Summary

Hide ▲

The BeatBanker Android malware is actively hijacking devices by posing as a Starlink app, creating risk of credential theft, illicit mining, and remote device control. It combines banking trojan behavior with Monero mining and can also deploy BTMOB RAT for full access. Observed infections were concentrated in Brazil, and the newest variant can replace the banking module with a remote-access payload.

Related Happenings

Grandoreiro and BTMOB banking trojan activity targeting Windows and Android

Malware Activity
First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: The **Grandoreiro** and **BTMOB** trojans are being used in active campaigns against **Windows** and **Android** targets across **Europe** and **Latin America**, increasing the ri...

Open Happening

BTMOB Android RAT no-code builder malware activity

Malware Activity
First: 26.05.2026 17:00 Last: 26.05.2026 17:00 Sources 1

About this happening: The **BTMOB** Android RAT is spreading through **phishing campaigns** across **Brazil and beyond**, raising the risk of **custom payload delivery** and **remote device takeover**....

Open Happening

Google rolls out Android Intrusion Logging in Android Advanced Protection Mode

Security Tool/Service
First: 14.05.2026 16:30 Last: 14.05.2026 16:30 Sources 1

About this happening: Google has released **Android Intrusion Logging** for **Android Advanced Protection Mode**, giving **high-risk Android users** encrypted forensic logs to investigate suspected **s...

Open Happening

Android Intrusion Logging forensic logging rollout for spyware investigations

Security Tool/Service
First: 13.05.2026 09:55 Last: 13.05.2026 09:55 Sources 1

About this happening: **Android** is adding **Intrusion Logging**, an opt-in forensic feature in **Advanced Protection Mode** that preserves device and network activity for suspected spyware compromise...

Open Happening

Android 17 expands platform security and privacy protections

Security Tool/Service
First: 12.05.2026 20:00 Last: 12.05.2026 20:00 Sources 1

About this happening: **Android 17** will add a broad set of **Google**-backed security and privacy controls next month, reducing exposure to **banking scam calls**, **device theft**, and **OTP theft**...

Open Happening

Timeline

  1. 10.03.2026 23:27 2 articles · 2mo ago

    BeatBanker Android malware disclosure and campaign details

    Initial Disclosure

    Kaspersky disclosed BeatBanker as a new Android malware campaign targeting users in Brazil that poses as a Starlink app on fake Google Play Store websites to hijack devices, steal credentials, tamper with cryptocurrency transactions, and mine Monero. The newest variant replaces the banking module with BTMOB RAT, while the malware also uses APK delivery, hidden DEX loading, delayed malicious operations, and continuous playback of output8.mp3 to keep a foreground service active.

    Show sources
    Open in new tab