A recently detected Android malware both steals users’ money and deletes all the data on their devices. Cleafy Labs researchers analyzed this remote administration tool (RAT), called BingoMod, in May. The malware aims to perform money transfers from Android devices and can delete all data once it is done. So how does BingoMod work and how can users protect themselves?
How does BingoMod, the Android malware, work?
BingoMod works similarly to other Android malware families. First, the victim is convinced to install a malicious app disguised as antivirus software. After installation, BingoMod asks the user for permission to access Accessibility Services. When the user grants this permission, the APK opens itself and runs its malicious payload.
BingoMod tries to steal user information by running in the background. It does this by using keylogging and SMS interception techniques. Once the hackers have the data they need, they can take over the device and initiate money transfers.
In order to protect itself, BingoMod makes it difficult to edit the system settings on the user’s device, blocking the activities of certain apps and uninstalling other apps if necessary.
According to Cleafy, BingoMod’s most notable security measure is the ability to remotely wipe the device. BingoMod can use this feature when the app has been granted device administrator privileges, and it is usually activated after a successful fraud. However, this functionality is limited to the device’s external storage only. The researchers believe that the full wipe is performed by the threat actors directly from the device’s system settings.
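The privilege combination described above (a sideloaded app that holds Accessibility access and, for the wipe, device administrator rights) can be checked from saved adb output. The following is an added example, not code from Cleafy or from the original article; the package names and sample outputs are constructed, the trusted-installer list is an assumption, and the layout of the `dumpsys device_policy` output is assumed because it varies by Android version.

```python
import re

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

def accessibility_packages(setting_value):
    # `adb shell settings get secure enabled_accessibility_services`
    # returns colon-separated components of the form package/class.
    return {c.split("/", 1)[0] for c in setting_value.strip().split(":") if "/" in c}

def third_party_installers(pm_output):
    # `adb shell pm list packages -i -3` prints: package:<name>  installer=<name or null>
    return dict(re.findall(r"^package:(\S+)\s+installer=(\S+)", pm_output, re.M))

def admin_packages(policy_dump):
    # Assumption: active admins appear as package/class tokens in
    # `adb shell dumpsys device_policy`; the layout varies by Android version.
    return set(re.findall(r"(?<![\w.])([A-Za-z][\w.]*)/[\w.$]+", policy_dump))

def triage(setting_value, pm_output, policy_dump):
    """Return (package, severity) for sideloaded apps holding Accessibility access."""
    a11y = accessibility_packages(setting_value)
    admins = admin_packages(policy_dump)
    findings = []
    for pkg, installer in sorted(third_party_installers(pm_output).items()):
        if pkg in a11y and installer not in TRUSTED_INSTALLERS:
            # Device admin on top of Accessibility matches the wipe capability
            # the article describes, so it raises the severity.
            findings.append((pkg, "high" if pkg in admins else "review"))
    return findings

# Constructed sample data (not from a real device or from the Cleafy report).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.fakeav/com.example.fakeav.AssistService")
SAMPLE_PM = ("package:com.example.fakeav  installer=null\n"
             "package:com.example.notes  installer=com.android.vending\n")
SAMPLE_POLICY = ("Enabled Device Admins (User 0):\n"
                 "  com.example.fakeav/.AdminReceiver:\n")

if __name__ == "__main__":
    for pkg, severity in triage(SAMPLE_A11Y, SAMPLE_PM, SAMPLE_POLICY):
        print(f"{severity}: {pkg}")
```

A "review" result means a sideloaded app has Accessibility access without device administrator rights; legitimate sideloaded accessibility tools will also appear here and need manual confirmation.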
Although Cleafy researchers state that BingoMod is not as sophisticated as other famous Android trojans, they emphasize that this malware poses serious risks to users and financial institutions. Caution is needed due to the potential for major economic losses and compromise of personal data.