JAKARTA - Kaspersky Global Research and Analysis Team (GReAT) has uncovered a new Android malware campaign, in which perpetrators spread the BeatBanker Trojan by disguising it as a Starlink app for Android.

In this campaign, cybercriminals targeted users in Brazil. However, Kaspersky experts do not rule out the possibility that users in other countries may also face this threat.

Previously, BeatBanker was known to impersonate a public service application and spread banking Trojans and crypto miners. In the latest variant, the malware installs a remote administration tool (a remote access Trojan, or RAT) called BTMOB.

Researchers found that the perpetrators spread the fake Starlink app through phishing pages that mimic the official Google Play Store.

After being downloaded and run, the application displays an interface that also resembles Google Play to convince the victim to grant installation permissions. This step allows the attacker to download additional malicious payloads in secret.

"The attackers seem to be using a new bait with the Starlink app to reach more victims from various countries. Therefore, it is important for users to remain vigilant and use advanced solutions to protect their smartphones," said Head of the American & European unit at Kaspersky GReAT, Fabio Assolini.

The BTMOB Trojan itself gives attackers remote control of the device. It can grant itself permissions automatically, hide system notifications, and capture screen-lock credentials, including PINs, patterns, and passwords, on infected devices.

The malware also gives attackers access to the front and back cameras, GPS location monitoring, and continuous collection of sensitive data.

To stay protected from mobile threats, Kaspersky recommends the following:

Download apps only from official app stores, but remember that downloading apps from official stores is not always risk-free. Always check app reviews, only use links from official websites, and install security software to detect and block malicious activity if the app turns out to be fake.

Check the permissions of the apps you use and think carefully before allowing an app

Update your operating system and important applications when updates are available. Many security issues can be addressed by installing updated versions of software.
