Theft whispers in Chinese, tire pressure sensors for tracking and other cybersecurity news – BitRss

We’ve rounded up the most important cybersecurity news of the week.

Researchers find a multi-functional burglar with Chinese background audio

Researchers at Kaspersky have reported a new Android malware called BeatBanker. It combines the features of a banking trojan and a hidden Monero miner, can steal credentials and disrupt cryptocurrency transactions.

Attackers distribute software such as financial apps and Starlink tools on fake Google Play websites. The APK uses native libraries to decode and load obfuscated code directly into memory to avoid detection.

In some cases, instead of the banking module, the software installs an Android remote access trojan called BTMOB RAT. It gives operators full control of the device, keyboardscreen recording, camera access, GPS tracking and credential suspension.

Before execution, it performs an environmental check to ensure that it is not parsed. A fake Play Store update prompt will then appear asking for permission to download the app. For the avoidance of doubt, the software will delay operation for a period of time after installation.

Source: Kaspersky Lab.

According to the researchers, the malware uses an unusual method to stay active: it continuously plays an almost inaudible Chinese-language MP3.

BeatBanker can also secretly mine Monero using a modified version of XMRig 6.17.0. It starts dynamically based on system load and conditions controlled by operators to balance performance and latency.

Trojan activity has been observed in campaigns targeting users in Brazil.

CertiK estimates losses from crypto-ATM fraud

In 2025, losses from crypto ATM fraud in the United States will reach $333 million. Meanwhile, CertiK analysts said reports of victims by the FBI are up 33% year-over-year.

78% of the 45,000 terminals worldwide are in the US. According to researchers, crypto-ATM fraud is one of the fastest growing categories of financial crimes in the country.

Source: CertiK.

AI-driven social engineering plans are 4.5 times more profitable than traditional methods in 2025, the researchers noted. CertiK also pointed to the changing profile of fraud: operations are becoming increasingly structured and becoming transnational criminal organizations.

Tire pressure sensors are used to track vehicles

A team of researchers from Spain, Switzerland and Luxembourg have demonstrated a method of tracking vehicle movements using tire pressure monitoring systems (TPMS).

The problem, they say, is that the TPMS transmits information and a unique identifier in the clear, and the ID remains the same for the life of the tire. In fact, each wheel is constantly broadcasting a radio signal that can uniquely identify the vehicle.

Source: Study: “Can’t Hide Your Steps: Inferring Vehicle Traffic from Passive TPMS Measurements.”

The paper details an experiment involving the placement of five receivers, each costing about $100.

Over a ten-week period, the devices received more than 6 million TPMS messages from nearly 20,000 vehicles. Since the identifiers did not change, the researchers matched the signals to specific wheels and traced their routes.

They observed that the data is sent without encryption – only a budget receiver and a simple antenna are needed. According to them, attackers can expand the system, link identifiers to individuals and conduct targeted surveillance.

Meta announced tools to protect users

Meta has introduced a number of tools to protect users, the company said in a press release.

The new measures include:

• alerts on Facebook when users interact with suspicious accounts;
• alert when receiving suspicious requests on WhatsApp to prevent fraudsters from blocking the account on your device;
• extends threat detection in Messenger, offering to analyze recent messages for hacker markers using AI tools.

Source: Meta.

Meta also reported that more than 150,000 accounts linked to fraud centers in Southeast Asia were closed.

Previously, the company removed more than 159 million fraudulent ads for policy violations and blocked 10.9 million Facebook and Instagram accounts linked to the fraud centers.

Also on ForkLog:

• After Fusaka, the number of spoofing attacks on Ethereum increased by 600%.
• MediaTek chip vulnerability puts crypto wallets in a quarter of Android smartphones at risk.
• Binance has disclosed details of its investigation into transfers to addresses linked to Iran.
• Meta supplied the video glasses to contractors in Kenya.
• US authorities have confirmed the right of crypto-mixer users to privacy.
• Claude Opus 4.5 found 22 Firefox vulnerabilities in two weeks.

What to read this weekend?

Graphics cards have become the main computing workhorses for neural networks. With the development of the industry, the demand for specialized AI hardware has increased. ForkLog explores the latest phase of the artificial intelligence arms race.