A fake Starlink app was running cryptocurrency mining on Android devices

Cyber Threats in the Android World: How “Starlink” Phishing Tricks Brazilian Users

*Kaspersky Lab* released a detailed report on a new wave of malware that masquerades as official Google Play Store apps and forces smartphones to mine Monero.

What’s Happening
1. Phishing Pages

Hackers create counterfeit sites that look like the Google Play app store. Users click links where they’re offered to install an “official” Starlink app for Android.

2. Deception During Installation

After downloading the APK, a prompt appears asking for an update. In reality this is a trap: the app requests all necessary permissions so it can continue working without Google Play’s involvement.

3. Monero Mining and Data Theft

Inside the malware, a Monero miner runs. Additionally, a trojan appears on the device that allows remote:

* tracking phone activity,
* intercepting data (PIN codes, graphical keys, passwords),
* controlling cameras and other functions.

4. “BeatBanker” Game

The program plays almost inaudible audio tracks in an endless loop, making it impossible to simply turn off – hence the nickname BeatBanker.

Targets of the Attacks
- Brazil – a country with the second‑largest Starlink customer base (over 1 million users) and the primary target of the malware.
- The initial version was distributed through a fake Brazilian social welfare app, now through a counterfeit “Starlink”.

How to Protect Yourself
The simplest rule is: download only from official stores. Make sure you’re using Google Play Store or trusted alternatives. Don’t install unknown apps. If an app comes from an unfamiliar developer, it’s best not to install it. Following these recommendations can significantly reduce the risk of infecting your smartphone with malware and protect your personal data.