We’ve gathered the most important cybersecurity news from the past week.

  • Researchers discovered a multifunctional stealer with Chinese voiceover.
  • CertiK reported losses from fraudulent crypto ATM schemes.
  • Tire pressure sensors were used to track vehicle locations.
  • Meta announced new tools to protect users.

Researchers Uncover Multifunctional Stealer with Chinese Voiceover

Researchers from Kaspersky Lab reported a new Android malware called BeatBanker. This malware combines the functions of a banking trojan and a hidden miner for Monero, capable of stealing credentials and altering cryptocurrency transactions.

Attackers distribute the software disguised as financial apps and Starlink software on fake Google Play store sites. The APK file uses native libraries to decrypt and load hidden code directly into memory to evade detection.

According to experts, in some cases, the software installs a remote access trojan called BTMOB RAT instead of the banking module. This gives operators full control over the device, including keylogging, screen recording, camera access, GPS tracking, and credential interception.

Before launching, the malware checks the environment to make sure it is not being analyzed. It then displays a fake Play Store update window to obtain permission to install additional payloads. To avoid suspicion, it delays its operations for a while after installation.

Source: Kaspersky Lab.

Researchers noted that the malware employs an unusual method to maintain activity in the system by continuously playing an almost inaudible audio recording of Chinese speech from an MP3 file.

BeatBanker can also mine Monero covertly using a modified version of the XMRig 6.17.0 miner. Mining is activated dynamically, depending on device load and conditions monitored by the operators, to ensure optimal performance and stealth.

The trojan's activity has been detected in campaigns targeting users in Brazil.

CertiK Reports Losses from Crypto ATM Fraud Schemes

In 2025, total losses from crypto ATM fraud in the U.S. reached $333 million. The number of victim reports received by the FBI also rose by 33% over the year, CertiK analysts reported.

The U.S. accounts for 78% of the 45,000 terminals worldwide. Experts indicate that crypto ATM fraud is one of the fastest-growing categories of financial crime in the country.

Source: CertiK.

Researchers noted that AI-based social engineering schemes in 2025 were 4.5 times more profitable than traditional methods. CertiK also highlighted a changing profile of fraudsters, who are increasingly becoming organized and evolving into transnational criminal organizations.

Tire Pressure Sensors Used to Track Vehicle Locations

A group of researchers from Spain, Switzerland, and Luxembourg demonstrated a method for tracking vehicle movement using a tire pressure monitoring system (TPMS).

Experts believe the issue lies in the fact that TPMS transmits data and a unique identifier in an unencrypted format, with the ID remaining unchanged throughout the tire's lifespan. Essentially, each wheel continuously broadcasts a radio signal that can uniquely identify the vehicle.

Source: research paper "Can't Hide Your Stride: Inferring Car Movement Patterns from Passive TPMS Measurements."

The paper describes an experiment in which five receivers, costing about $100 each, were deployed.

Over ten weeks of observation, the devices intercepted more than 6 million TPMS messages from approximately 20,000 vehicles. Since the ID did not change, experts were able to correlate signals with specific "wheels" and track their routes.

Researchers noted that the data from these devices is transmitted in an unencrypted format—interception requires only a budget receiver and a standard antenna. They believe that attackers could scale the system, link identifiers to specific individuals, and organize targeted surveillance.
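The following added example (not code from the paper or from this article) shows why a fixed, unencrypted ID makes sightings linkable, next to a rotating pseudonym that does not. The sightings, sensor names, keys and the HMAC-based rotation scheme are all constructed assumptions for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sightings: (receiver, hour, true sensor). Not real capture data.
SIGHTINGS = [
    ("rx1", 8, "wheel-A"), ("rx3", 9, "wheel-A"), ("rx5", 18, "wheel-A"),
    ("rx1", 8, "wheel-B"), ("rx2", 12, "wheel-B"),
    ("rx4", 7, "wheel-C"),
]

# Hypothetical per-sensor secrets, shared only with the car's own receiver.
KEYS = {s: hashlib.sha256(b"key:" + s.encode()).digest()
        for s in ("wheel-A", "wheel-B", "wheel-C")}


def static_id(sensor, hour):
    """Behaviour described above: one fixed ID for the tire's whole lifespan."""
    return hashlib.sha256(b"serial:" + sensor.encode()).hexdigest()[:8]


def rotating_id(sensor, hour):
    """Assumed mitigation: pseudonym = HMAC(key, epoch), new value every hour."""
    return hmac.new(KEYS[sensor], str(hour).encode(), hashlib.sha256).hexdigest()[:8]


def linked_routes(id_scheme):
    """Receivers a passive observer can tie together using only the broadcast ID."""
    routes = defaultdict(list)
    for receiver, hour, sensor in sorted(SIGHTINGS, key=lambda s: s[1]):
        routes[id_scheme(sensor, hour)].append(receiver)
    # An ID seen only once reveals no movement between receivers.
    return {bid: path for bid, path in routes.items() if len(path) > 1}


def car_recognises(sensor, hour, broadcast_id):
    """The car holds the key, so it can still match its own sensor's pseudonym."""
    return hmac.compare_digest(rotating_id(sensor, hour), broadcast_id)


if __name__ == "__main__":
    print("static ID   :", linked_routes(static_id))
    print("rotating ID :", linked_routes(rotating_id))
```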

Meta Announces User Protection Tools

Meta has introduced a range of tools to protect users, as stated in a press release.

The new measures include:

  • Warnings in Facebook when users interact with suspicious accounts;
  • Alerts when receiving dubious requests in WhatsApp to prevent scammers from linking accounts to their devices;
  • Enhanced threat detection in Messenger, analyzing recent messages for hacker markers using AI tools.

Source: Meta.

Additionally, Meta reported blocking over 150,000 accounts linked to scam centers in Southeast Asia.

Previously, the company removed over 159 million fraudulent ads for policy violations and blocked 10.9 million accounts on Facebook and Instagram associated with scam centers.

Also on ForkLog:

  • After Fusaka, the number of address spoofing attacks in Ethereum soared by 600%.
  • Vulnerabilities in MediaTek chips threatened crypto wallets on a quarter of Android smartphones.
  • Binance revealed details of an investigation into transfers to Iran-linked addresses.
  • Meta handed over intimate video recordings from smart glasses to contractors in Kenya.
  • U.S. authorities recognized the right of crypto mixer users to privacy.
  • Claude Opus 4.5 discovered 22 vulnerabilities in Firefox over two weeks.

Weekend Reading Suggestions

Graphics cards have become the primary computing tool for neural networks. However, as the industry evolves, there is a growing demand for specialized solutions for AI work. ForkLog explored the new phase of the artificial intelligence race.