Cybersecurity researchers have identified a new Android malware called BeatBanker that spreads by pretending to be a Starlink application. The fake app tricks users into thinking they are installing a legitimate internet service tool. Once the app is installed, the malware silently takes control of the device. Experts warn that the campaign shows how attackers are increasingly targeting mobile users.

Android robot icons with a malware biohazard symbol representing Android malware threats targeting mobile devices.

The malware is usually distributed through fake websites that look like official download pages. These sites convince users that they are downloading the real Starlink mobile application. Instead, the download installs a malicious APK file containing the BeatBanker malware. This method relies on social engineering, where attackers deceive users into installing the malware themselves.

After installation, BeatBanker begins running quietly in the background of the infected smartphone. The malware is designed to gain significant control over the device’s operations. It can monitor user activity and interact with certain applications. Because it operates silently, many victims may not realize their phone has been compromised.

Smartphone displaying malicious code on screen symbolizing Android malware infection and mobile cyberattack.

Researchers describe BeatBanker as a combination of a banking trojan and a cryptocurrency miner. The banking trojan component allows attackers to collect financial information and login credentials. At the same time, the malware secretly uses the device’s processing power to mine cryptocurrency. This activity typically focuses on mining Monero, which benefits the attackers.

Another dangerous feature of the malware is its ability to interfere with cryptocurrency transactions. BeatBanker can display fake overlay screens that imitate legitimate services like Binance or Trust Wallet. These screens appear real to the victim during a transaction. However, the malware can secretly change the destination wallet address.

Digital cryptocurrency wallet illustration highlighting risks of crypto transaction manipulation by malware.

Because of this manipulation, cryptocurrency transfers may be redirected to wallets controlled by attackers. The victim may believe the transaction was completed normally. In reality, the funds are sent to a different address controlled by the cybercriminals. This technique allows attackers to steal digital assets without immediate detection.

Researchers also found that BeatBanker uses unusual techniques to stay active on infected devices. One method involves playing a nearly inaudible audio file repeatedly in the background. This trick forces the Android system to keep the malware service running. As a result, the malicious process is less likely to be stopped automatically.

Android smartphone displaying a security shield icon representing protection against mobile malware and malicious apps.

Security experts say this campaign highlights the growing risk of malware disguised as trusted applications. Mobile devices store banking details, passwords, and cryptocurrency wallets, making them attractive targets. Experts recommend installing apps only from official stores and avoiding unknown APK downloads. Being cautious with app permissions can also reduce the risk of infection.

Stay alert, and keep your security measures updated!

Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news