Cybersecurity firm warns Android users to beware of money-guzzling malware
Researchers from cybersecurity firm Cleafy are warning people about new Android malware that could steal money from their bank accounts. It’s called BingoMod and is a type of remote access trojan, or RAT for short. Cleafy discovered it in May 2024 and recently published a report on its website explaining how the malware works. If you read the post, you will quickly realize how threatening it is.
According to Cleafy, the bad guys behind BingoMod are engaged in ‘smishing’ campaigns. Smishing is a portmanteau of “SMS” and “phishing” and is typically a “social engineering attack” that uses fake text messages to trick people into downloading malware. In this case, BingoMod takes the form of a “legitimate antivirus” app.
It goes by different names: Chrome Update, InfoWeb, Sicurezza Web, WebInfo and more. Moreover, as BleepingComputer points out, the malware has even taken on the logo of the legitimate tool AVG Antivirus & Security.
Upon installation, BingoMod instructs users to “Activate Accessibility Services” to enable the security software. In reality, it gives the malware permission to infect a device.
Remote fraud
BingoMod then operates discreetly in the background, stealing credentials, taking screenshots, and intercepting texts. Because the malware is so deeply embedded in a smartphone’s system, attackers can remotely control it to perform “on-device fraud,” or ODF. Here, the malware begins sending fraudulent transactions from the infected device to a remote location.
A phone’s security system can’t stop this process, as BingoMod not only impersonates users but also disables the system. Cleafy claims that the malware is capable of “uninstalling arbitrary applications,” making it impossible for security apps to detect its presence. Once all these obstacles are gone, the threat actors can wipe all of the phone’s data in one go, at any time.
And if that wasn’t enough, an infected device can serve as a springboard to further spread the malicious software via text messages.
How do you keep yourself from getting infected?
It’s a scary situation, but what’s even scarier is that whoever is behind BingoMod is still actively working on it. Cleafy says the developers are looking for ways to “reduce the detection rate against AV solutions.”
We’ve only scratched the surface, so we highly recommend reading the report, which goes into more detail. The authors have included images of the software’s code and some of the commands. They’ve also found evidence that the person behind all this may be based in Romania, although they have help from developers all over the world.
To protect yourself, it’s best to avoid clicking on links from unknown or unverified sources. Make sure to download apps from reputable platforms like the Google Play Store. Google told BleepingComputer that Play Protect can detect and block BingoMod, which is great, but we still strongly recommend doing your due diligence.
For more robust protection, check out TechRadar’s list of the best password managers for 2024.