Find notable cyber news and cases, enriched with sources, timelines, and signals.

BeatBanker Android phishing campaign targeting Brazilian users

Campaign
First reported
Last updated
Happening score
H score 40
2 unique sources, 2 articles

Summary

A BeatBanker Android phishing campaign is targeting Brazilian users, creating a risk of device compromise and payment theft. The lure uses Google Play Store lookalike pages to deliver malicious APKs onto victims' devices. Once installed, the malware can maintain persistence, enable remote control, and interfere with financial transactions.

Related Happenings

Trapdoor Android malvertising and ad-fraud campaign

Campaign
First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

TrickMo C TikTok-lure campaign targeting banking and wallet users in France, Italy, and Austria

Campaign
First: 11.05.2026 18:15 Last: 11.05.2026 18:15 Sources 1

About this happening: The **TrickMo** operators ran an active **TikTok-themed** campaign between **January and February 2026**, targeting **banking and wallet users** in **France, Italy and Austria**....

PromptSpy backdoor for Android with Gemini API automation

Malware Activity
First: 11.05.2026 16:02 Last: 11.05.2026 16:02 Sources 1

About this happening: The **PromptSpy** backdoor for **Android** was highlighted for using **Gemini APIs** to automate device interaction, increasing the risk of unauthorized control on infected phones...

TrickMo Android banking malware adds TON-based covert command-and-control

Malware Activity
First: 11.05.2026 12:03 Last: 11.05.2026 12:03 Sources 1

About this happening: The **TrickMo Android banking malware** has added **TON-based covert command-and-control**, making its operator infrastructure harder to identify, block, or take down for victims...

Timeline

  1. 12.03.2026 09:56 2 articles · 2mo ago

    BeatBanker phishing campaign targets Brazilian Android users

    Initial Disclosure

    BeatBanker targets Brazilian Android users through phishing pages disguised as the Google Play Store, delivering malicious APKs that enable persistence, automated permission granting, accessibility abuse, Firebase-based command-and-control, and transaction hijacking. Recent samples can drop BTMOB RAT instead of the banking module, and some variants also incorporate a cryptocurrency miner and an LLM component.
