
This malware, which primarily targets users in Brazil, not only steals banking credentials but also hijacks cryptocurrency transactions and runs a crypto miner in the background.
What makes BeatBanker particularly concerning is its use of an audio loop to evade detection, keeping it active on the infected device for extended periods.
Social Engineering and the First Stage of Infection
The BeatBanker attack starts with a social engineering trick. Attackers create a fake website that closely mimics the Google Play Store, luring the victim to download a malicious app disguised as INSS Reembolso, a trusted Brazilian government app.
The fake app prompts users to grant installation permissions, leading them to unknowingly install the malware on their devices.
The malicious APK contains a shared library (libludwwiuh.so) that decrypts another ELF file, which in turn loads the DEX file. This method lets the malware execute without the decrypted payload ever being written to the file system, evading traditional antivirus software.
According to SecureList, the malware uses the Java Native Interface (JNI) to continue execution, bypassing mobile security products.
Once executed, the malware displays a Google Play Store-like interface, tricking the victim into thinking the INSS Reembolso app needs an update.
The user is led to click on an “Update” button, which then silently downloads the cryptocurrency miner payload. This payload, an XMRig miner, connects to a mining pool to mine Monero cryptocurrency, draining the victim’s device’s resources and battery.
Persistence Through Audio Loop
The malware employs an innovative persistence technique: it plays a near-inaudible audio file on a loop. This loop prevents the operating system from terminating the malicious process, as the device thinks it is playing media.
This tactic ensures that the malware remains active on the victim's device even when the system goes idle. The audio file is only five seconds long and contains Chinese words; because it is near-inaudible, it is unlikely to be noticed through normal user behavior.
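The two traits described above (a native library that hides the real payload, and a short looped audio asset) can be checked for offline when triaging an APK. The following is an added example, not code from the article or from Securelist: a stdlib-only Python triage function that lists native libraries and short WAV assets inside an APK and flags the combination. The sample APK it builds is constructed here for illustration; only the library name is taken from the article.

```python
import io
import posixpath
import wave
import zipfile


def _wav_seconds(data: bytes) -> float:
    """Duration of a WAV asset in seconds (stdlib 'wave' handles PCM WAV only)."""
    with wave.open(io.BytesIO(data)) as w:
        return w.getnframes() / w.getframerate()


def triage_apk(apk_bytes: bytes, max_audio_seconds: float = 10.0) -> dict:
    """Collect BeatBanker-style indicators from an APK (which is a ZIP archive).

    Reports every bundled native library and every WAV asset at most
    max_audio_seconds long, and marks the sample suspicious when both appear.
    A hit is a triage lead, not a verdict: many legitimate apps ship .so files.
    """
    findings = {"native_libs": [], "short_audio": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for name in z.namelist():
            if name.startswith("lib/") and name.endswith(".so"):
                findings["native_libs"].append(posixpath.basename(name))
            elif name.lower().endswith(".wav"):
                secs = _wav_seconds(z.read(name))
                if secs <= max_audio_seconds:
                    findings["short_audio"].append((name, round(secs, 1)))
    findings["suspicious"] = bool(findings["native_libs"]) and bool(findings["short_audio"])
    return findings


def build_sample_apk() -> bytes:
    """Constructed sample: a stub DEX, a native lib, and a 5 s silent WAV loop."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(1)          # 8-bit unsigned PCM, silence is 0x80
        w.setframerate(8000)
        w.writeframes(b"\x80" * 8000 * 5)
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as z:
        z.writestr("classes.dex", b"dex\n035\x00")                 # placeholder stub
        z.writestr("lib/arm64-v8a/libludwwiuh.so", b"\x7fELF" + b"\x00" * 60)
        z.writestr("res/raw/loop.wav", buf.getvalue())
    return out.getvalue()
```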
To protect against BeatBanker and other similar threats, it is critical to:
- Only download apps from trusted sources: Stick to the official Google Play Store and verify developer credentials.
- Review app permissions: Be cautious of apps requesting extensive permissions, especially those related to accessibility and installing third-party APKs.
- Keep devices and apps updated: Regular security updates help protect against known vulnerabilities.
This sophisticated malware campaign is an example of how attackers are constantly innovating their techniques, using new tools and strategies to evade detection.
Organizations and individuals must stay vigilant and implement robust security measures to protect sensitive financial and personal data from these evolving threats.
The post BeatBanker Malware Targets Crypto Wallets With Audio‑Based Persistence appeared first on Cyber Security News.
