Find notable cyber news and cases, enriched with sources, timelines, and signals.

MiningDropper (BeatBanker) modular Android payload framework with encrypted staging

Technical Analysis
First reported
Last updated
Happening score
H score 22
1 unique sources, 1 articles

Summary

Hide ▲

MiningDropper (BeatBanker) now stands out as a layered modular Android malware framework that can reuse one delivery chain across hundreds of samples, making static analysis and blocklisting harder. The framework swaps final payloads as needed, including cryptomining, information theft, remote access, and banking malware. Its use of XOR-based native obfuscation, AES-encrypted payload staging, dynamic DEX loading, and anti-emulation raises the cost of inspection and detection. The result is a flexible Android infection platform that can be repurposed quickly for different monetization goals.

Related Happenings

Asin Android spyware distribution through fake utility, PDF, and war-map apps

Malware Activity
H score22 First: 05.06.2026 17:53 Last: 05.06.2026 17:53 Sources 1

About this happening: The **Asin** Android spyware activity is being distributed through fake utility, PDF, and war-map apps, putting **Arabic-speaking users** at risk of covert surveillance on **Andro...

CL-CRI-1089 Operation FlutterBridge macOS malvertising campaign

Campaign
H score33 First: 04.06.2026 14:19 Last: 04.06.2026 14:19 Sources 1

About this happening: A **macOS malvertising campaign** is delivering **FlutterShell** through malicious ads and trojanized apps, expanding browser-hijacking and backdoor risk across **the U.S., Canada...

Apple and Google Messages beta rollout of cross-platform E2EE RCS

Security Tool/Service
H score11 First: 12.05.2026 16:00 Last: 12.05.2026 16:00 Sources 1

About this happening: Apple and Google have begun a **beta rollout** of **end-to-end encrypted RCS** between **iPhone** and **Android** devices, materially reducing carrier and in-transit visibility fo...

MacOS living-off-the-land analysis exposing native-feature abuse

Technical Analysis
H score20 First: 22.04.2026 19:30 Last: 22.04.2026 19:30 Sources 1

About this happening: Native macOS features are now being repurposed for **code execution**, **lateral movement**, and **evasion**, widening detection gaps across enterprise Apple fleets. The analysis...

MacOS LOTL detection and hardening guidance against native-tool abuse

Defensive Guidance
H score17 First: 22.04.2026 19:30 Last: 22.04.2026 19:30 Sources 1

About this happening: Defensive guidance now pushes **macOS** security teams to detect native-tool abuse by shifting toward **process lineage analysis**, because attackers are using built-in features t...

Timeline

  1. 24.04.2026 14:48 2 articles · 2mo ago

    MiningDropper (BeatBanker) modular Android malware analysis

    Technical Analysis Update

    Cyble identified MiningDropper, also known as BeatBanker, as a layered Android malware delivery framework that targets users in India, Latin America, Europe, and Asia through trojanized Lumolight builds and fake websites impersonating banking institutions and regional transport offices. The framework combines encrypted payload staging, dynamic DEX loading, XOR-based native obfuscation, AES-encrypted payload staging, and anti-emulation techniques to deliver cryptomining, information theft, remote access, and banking malware payloads.

    Show sources