BeatBanker Android phishing campaign targeting Brazilian users
Campaign
Summary
Hide ▲
Show ▼
A BeatBanker Android phishing campaign is targeting Brazilian users, creating a risk of device compromise and payment theft. The lure uses Google Play Store lookalike pages to deliver malicious APKs onto victims' devices. Once installed, the malware can maintain persistence, enable remote control, and interfere with financial transactions.
Related Happenings
RedWing Android bank-fraud malware rental service
Malware Activity
H score21
First: 07.07.2026 20:10
Last: 07.07.2026 20:10
Sources 1
About this happening:
The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
RedWing Android bank-fraud malware rental service
Malware ActivityAbout this happening: The **RedWing** Android malware service is being rented on **Telegram** to steal **banking logins**, **OTPs**, and device control, raising fraud risk for **banking and cryptocurre...
Google Play Protect adds warnings and app disabling for compromised SDK abuse
Security Tool/Service
H score11
First: 03.07.2026 12:35
Last: 03.07.2026 12:35
Sources 1
About this happening:
**Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...
Google Play Protect adds warnings and app disabling for compromised SDK abuse
Security Tool/ServiceAbout this happening: **Google Play Protect** was updated in **July 2026** to **warn Android users automatically** and **disable apps** tied to **compromised SDKs**, limiting abuse of consumer devices...
Rokarolla Android banking trojan activity
Malware Activity
H score26
First: 16.06.2026 16:15
Last: 16.06.2026 16:15
Sources 1
About this happening:
The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
Rokarolla Android banking trojan activity
Malware ActivityAbout this happening: The **Rokarolla** **Android banking trojan** is expanding phone-level control on infected devices, letting attackers steal credentials, intercept authentication codes, and hide fr...
NFCShare Android malware spreads via fake banking-app updates
Malware Activity
H score21
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare Android malware spreads via fake banking-app updates
Malware ActivityAbout this happening: The **NFCShare Android malware** is being spread as **fake banking-app updates on GitHub**, broadening attacks against **customers of multiple banks and financial institutions acr...
NFCShare fake banking-app update phishing campaign
Campaign
H score40
First: 09.06.2026 01:11
Last: 09.06.2026 01:11
Sources 1
About this happening:
The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
NFCShare fake banking-app update phishing campaign
CampaignAbout this happening: The **NFCShare** phishing campaign is using **fake banking-app updates** on **GitHub** to steal **payment card data** from customers of multiple banks across **Europe**, expanding...
Timeline
-
12.03.2026 09:56 2 articles · 3mo ago
BeatBanker phishing campaign targets Brazilian Android users
Initial DisclosureBeatBanker targets Brazilian Android users through phishing pages disguised as the Google Play Store, delivering malicious APKs that enable persistence, automated permission granting, accessibility abuse, Firebase-based command-and-control, and transaction hijacking. Recent samples can drop BTMOB RAT instead of the banking module, and some variants also incorporate a cryptocurrency miner and an LLM component.
Show sources
- Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets — thehackernews.com — 12.03.2026 09:56
- PixRevolution Malware Hijacks Brazil's PIX Transfers in Real Time — www.infosecurity-magazine.com — 12.03.2026 18:00