MiningDropper (BeatBanker) modular Android payload framework with encrypted staging
Technical Analysis
Summary
MiningDropper (BeatBanker) now stands out as a layered modular Android malware framework that can reuse one delivery chain across hundreds of samples, making static analysis and blocklisting harder. The framework swaps final payloads as needed, including cryptomining, information theft, remote access, and banking malware. Its use of XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation raises the cost of inspection and detection. The result is a flexible Android infection platform that can be repurposed quickly for different monetization goals.
Related Happenings
Apple and Google Messages beta rollout of cross-platform E2EE RCS
Security Tool/Service
First: 12.05.2026 16:00
Last: 12.05.2026 16:00
Sources 1
About this happening:
Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...
MacOS living-off-the-land analysis exposing native-feature abuse
Technical Analysis
First: 22.04.2026 19:30
Last: 22.04.2026 19:30
Sources 1
About this happening:
Native macOS features are now being repurposed for **code execution**, **lateral movement**, and **evasion**, widening detection gaps across enterprise Apple fleets. The analysis...
MacOS LOTL detection and hardening guidance against native-tool abuse
Defensive Guidance
First: 22.04.2026 19:30
Last: 22.04.2026 19:30
Sources 1
About this happening:
Defensive guidance now pushes **macOS** security teams to detect native-tool abuse by shifting toward **process lineage analysis**, because attackers are using built-in features t...
NGate malware trojanized HandyPay NFC-stealing variant
Malware Activity
First: 21.04.2026 12:00
Last: 21.04.2026 12:00
Sources 1
About this happening:
A **new NGate variant** is stealing **NFC payment data** from **Android users in Brazil**, raising the risk of **unauthorized purchases** and **ATM cash withdrawals**. The malware...
FakeWallet Apple App Store wallet-stealing apps
Malware Activity
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
How related:
The 26 apps, collectively dubbed FakeWallet, mimic various popular wallets like Bitpie, Coinbase, imToken, Ledger, MetaMask, TokenPocket, and Trust Wallet.
About this happening:
The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...
Timeline
- 24.04.2026 14:48 2 articles · 1mo ago
MiningDropper (BeatBanker) modular Android malware analysis
Technical Analysis Update
Cyble identified MiningDropper, also known as BeatBanker, as a layered Android malware delivery framework that targets users in India, Latin America, Europe, and Asia through trojanized Lumolight builds and fake websites impersonating banking institutions and regional transport offices. The framework combines dynamic DEX loading, XOR-based native obfuscation, AES-encrypted payload staging, and anti-emulation techniques to deliver cryptomining, information theft, remote access, and banking malware payloads.
Sources:
- 26 FakeWallet Apps Found on Apple App Store Targeting Crypto Seed Phrases — thehackernews.com — 24.04.2026 14:48