Bitcoin Forum
March 13, 2026, 04:02:33 PM *
Author Topic: BeatBanker: An Android Trojan that operates in two modes  (Read 52 times)
fullfitlarry (OP)
March 11, 2026, 09:20:27 AM
 #1

Kaspersky recently identified an Android-based malware that targets Brazil again. The mode of infection is that it spreads through phishing attacks disguised as legitimate apps in the Google Play Store.

For its cryptocurrency capability,

  • It deploys a banker in addition to a cryptocurrency miner.
  • When the user attempts to make a USDT transaction, BeatBanker creates overlay pages for Binance and Trust Wallet, covertly replacing the destination address with the threat actor’s transfer address.

So it will deploy as a miner, then track and monitor whether you make a USDT transaction, and then become a copy-and-paste malware.



So far these are the domains that have been identified.


https://securelist.com/beatbanker-miner-and-banker/119121/

So if any of our Brazilian friends are reading this, just be careful and download only from legitimate sources.

Coloma612
March 12, 2026, 02:31:06 PM
 #2

The "address replacement" trick is still one of the most effective ways to steal funds because even experienced users sometimes forget to double check every single character after pasting.

It is a good reminder that mobile security is often weaker than desktop. If you are using Trust Wallet or Binance on Android, always verify the address on a second device or at least check the last 5-10 digits before hitting send. Thanks for sharing the domains list.
fullfitlarry (OP)
Today at 09:26:08 AM
 #3

It is, that's why we really need to be very careful about sending someone our precious Bitcoin by checking the address first.

Or scan our hardware with the latest anti-virus, as there could be malware hiding somewhere. Although not everything can be tracked by anti-virus, at least this is a good practice. And not putting a lot of crypto on our PC or laptop, maybe just enough for us to use daily, like for trading.

Yes, Android is not that good, but still if we practice safe hygiene, we could all be good.
