Article 6PP2T BingoMod Android Malware Wipes All Your Device Data After Stealing Your Money

BingoMod Android Malware Wipes All Your Device Data After Stealing Your Money

by
Krishi Chowdhary
from Techreport on (#6PP2T)
BingoMod-1200x662.png
  • Researchers from the Cleafy TIR team have discovered a new malware called BingoMod that steals your money and then wipes all your device data to avoid detection.
  • The malware works through SMS phishing where it pretends to be a legitimate security tool. Once the customer installs it, the malware takes over the device and sends remote commands.
  • The malware is still active and according to the researchers, the author is still adding new obfuscation techniques to it in order to avoid detection.

BingoMod-300x166.png

A new Android malware called BingoMod has been discovered that can wipe all the data on your device after successfully stealing money from your account. It can steal up to 15,000 EUR per transaction.

The discovery was made by the Cleafy TIR team towards the end of May 2024. According to them, the malware is still active and its authors are working on adding more obfuscation techniques to avoid detection.

The researchers believe that such a focus on obfuscation techniques might suggest that the threat actor is new to this. They lack the experience and sophistication of a seasoned malware author.

How Does It Work?

After analyzing multiple samples, the researchers came to the conclusion that the malware is being distributed through SMS phishing where it pretends to be a mobile security tool.

Step #1 - Installation

BingMod is its technical name but to the victims, it presents itself as WebsIndfo, InfoWeb, WebSecurity, App Protection, Antivirus Cleanup, and so on. The goal is to come across as a legitimate tool.

Step #2 - Permissions

Now, once the victim has been fooled into installing the software, it asks to use Accessibility Services". If you allow it, it will give them extensive control over the device and allow it to send remote commands.

Currently, the malware supports over 40 remote commands such as remote screen monitoring, keylogging, and remote screenshotting.

Step #3 - Stealing Money

Once the malware is installed, it uses Account Takeover (ATO) and Device Fraud (ODF) for the following functions:

  • Intercept messages
  • Steal login credentials, and
  • Bypass bank users' identity verification and authentication processes

The worst part about BingoMod is that it can also avoid the behavioral detection techniques that are usually used by banks to identify suspicious transactions. So, even banks' advanced fraud detection controls are of no use.

Step #4 - Data Erase

Once the job is done, it erases all data from your device so that security experts cannot detect it. After all, if the device is completely empty, there will be nothing left for the forensic team to work with.

The worst part is there isn't much you can do at the moment to stop it because it's capable of blocking certain apps once it's installed. So even if you have a security app, it might not be of much help.

BingoMod shows relatively straightforward functionalities commonly found in most contemporary RAT, such as HiddenVNC for remote control and SMS suppression to intercept and manipulate communication and logging user interactions to steal sensitive data.' - Cleafy TIR Report

Also, not much is known about the author except the fact that they use English, Romanian, and Italian languages to target their victims. The authors might be Romanian themselves. But other than that, no other identification has been found so far.

The post BingoMod Android Malware Wipes All Your Device Data After Stealing Your Money appeared first on The Tech Report.

External Content
Source RSS or Atom Feed
Feed Location https://techreport.com/feed/
Feed Title Techreport
Feed Link https://techreport.com/
Reply 0 comments