216.73.216.133

BeatBanker: both banker and miner for Android

· Published 10/03/2026 12:26 · Modified 10/03/2026 13:02

Export JSON

Essential information

Published
10/03/2026 12:26
Modified
10/03/2026 13:02
Tags
2026-03-10 android banking trojan beatbanker brazil btmob cryptocurrency overlay persistence phishing rat
Related entities
5 observables, 2 malware, 10 others

Description

is a sophisticated malware campaign targeting . It spreads through attacks using a fake Google Play Store website. The malware combines a miner and a capable of hijacking devices and overlaying screens. It employs creative mechanisms, including playing an inaudible audio loop. monitors device status, disguises itself as legitimate apps, and targets transactions on Binance and Trust Wallet. Recent variants have replaced the banking module with the remote administration tool, expanding its capabilities. The threat demonstrates advanced evasion techniques, uses Firebase Cloud Messaging for command and control, and targets multiple browsers for data collection. Victims are primarily located in , with some samples spreading via WhatsApp.

External references