- Researchers from the Cleafy TIR team have discovered a new malware called BingoMod that steals your money and then wipes all your device data to avoid detection.
- The malware works through SMS phishing where it pretends to be a legitimate security tool. Once the customer installs it, the malware takes over the device and sends remote commands.
- The malware is still active and according to the researchers, the author is still adding new obfuscation techniques to it in order to avoid detection.
A new Android malware called BingoMod has been discovered that can wipe all the data on your device after successfully stealing money from your account. It can steal up to 15,000 EUR per transaction.
The discovery was made by the Cleafy TIR team towards the end of May 2024. According to them, the malware is still active and its authors are working on adding more obfuscation techniques to avoid detection.
The researchers believe that such a focus on obfuscation techniques might suggest that the threat actor is new to this. They lack the experience and sophistication of a seasoned malware author.
How Does It Work?
After analyzing multiple samples, the researchers came to the conclusion that the malware is being distributed through SMS phishing where it pretends to be a mobile security tool.
Step #1 – Installation
BingMod is its technical name but to the victims, it presents itself as WebsIndfo, InfoWeb, WebSecurity, App Protection, Antivirus Cleanup, and so on. The goal is to come across as a legitimate tool.
Step #2 – Permissions
Now, once the victim has been fooled into installing the software, it asks to use “Accessibility Services”. If you allow it, it will give them extensive control over the device and allow it to send remote commands.
Currently, the malware supports over 40 remote commands such as remote screen monitoring, keylogging, and remote screenshotting.
Step #3 – Stealing Money
Once the malware is installed, it uses Account Takeover (ATO) and Device Fraud (ODF) for the following functions:
- Intercept messages
- Steal login credentials, and
- Bypass bank users’ identity verification and authentication processes
The worst part about BingoMod is that it can also avoid the behavioral detection techniques that are usually used by banks to identify suspicious transactions. So, even banks’ advanced fraud detection controls are of no use.
Step #4 – Data Erase
Once the job is done, it erases all data from your device so that security experts cannot detect it. After all, if the device is completely empty, there will be nothing left for the forensic team to work with.
The worst part is there isn’t much you can do at the moment to stop it because it’s capable of blocking certain apps once it’s installed. So even if you have a security app, it might not be of much help.
‘BingoMod shows relatively straightforward functionalities commonly found in most contemporary RAT, such as HiddenVNC for remote control and SMS suppression to intercept and manipulate communication and logging user interactions to steal sensitive data.’ – Cleafy TIR Report
Also, not much is known about the author except the fact that they use English, Romanian, and Italian languages to target their victims. The authors might be Romanian themselves. But other than that, no other identification has been found so far.
Our Editorial Process
The Tech Report editorial policy is centered on providing helpful, accurate content that offers real value to our readers. We only work with experienced writers who have specific knowledge in the topics they cover, including latest developments in technology, online privacy, cryptocurrencies, software, and more. Our editorial policy ensures that each topic is researched and curated by our in-house editors. We maintain rigorous journalistic standards, and every article is 100% written by real authors.
