BeatBanker Android malware targets users with Starlink app disguise

First reported

10.03.2026 23:27

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

A new Android malware named BeatBanker impersonates a Starlink app to hijack devices. It combines banking trojan functions with Monero mining, stealing credentials and tampering with cryptocurrency transactions. The malware is distributed via fake Google Play Store websites and uses sophisticated evasion techniques, including persistence via an inaudible MP3 file and dynamic mining operations. Kaspersky researchers discovered the malware targeting users in Brazil, with potential for expansion to other regions.

Timeline

10.03.2026 23:27 1 articles · 14h ago

BeatBanker Android malware discovered targeting Brazilian users
Kaspersky researchers discovered the BeatBanker Android malware, which impersonates a Starlink app to hijack devices. The malware combines banking trojan functions with Monero mining and uses sophisticated evasion techniques, including persistence via an inaudible MP3 file and dynamic mining operations. The malware deploys the BTMOB RAT, providing operators with extensive control over infected devices. All observed infections are currently targeting users in Brazil.
Show sources

New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
Open in new tab

Information Snippets

BeatBanker combines banking trojan functions with Monero mining capabilities.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
The malware is distributed as an APK file that uses native libraries to decrypt and load hidden DEX code into memory for evasion.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
BeatBanker deploys the BTMOB RAT, providing operators with full device control, keylogging, screen recording, camera access, GPS tracking, and credential-capture capabilities.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
The malware maintains persistence by continuously playing a nearly inaudible 5-second MP3 file.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
BeatBanker uses a modified XMRig miner version 6.17.0 for Monero mining on Android devices.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
The malware uses Firebase Cloud Messaging (FCM) to send device information to the C2 server.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27
All observed BeatBanker infections are currently targeting users in Brazil.
First reported: 10.03.2026 23:27

1 source, 1 article
Show sources
- New BeatBanker Android malware poses as Starlink app to hijack devices — www.bleepingcomputer.com — 10.03.2026 23:27

Summary

Timeline

BeatBanker Android malware discovered targeting Brazilian users

Information Snippets