Wednesday , March 26 2025

BingoMod RAT: Android Banking Trojan Empties Accounts, Wipes data

infosecbulletin Friday , August 2 2024 Bank

Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity.

Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices remotely and steal bank account information. They do this by tricking users into enabling accessibility services and granting control permissions.

Micropatches released for Windows zero-day leaking NTLM hashes

By infosecbulletin / Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes

VMware Patches Authentication Bypass Flaw in Windows Tool

By infosecbulletin / Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool

IngressNightmare
Over 40% of cloud environments are vulnerable to RCE

By infosecbulletin / Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
IngressNightmare Over 40% of cloud environments are vulnerable to RCE

(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass

By infosecbulletin / Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
(CVE-2025-29927) Urgently Patch Your Next.js for Authorization Bypass

Oracle refutes breach after hacker claims 6 million data theft

By infosecbulletin / Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
Oracle refutes breach after hacker claims 6 million data theft

Russian zero-day seller to offer up to $4 million for Telegram exploits

By infosecbulletin / Saturday , March 22 2025
Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. They seek $500K for one-click...
Read More
Russian zero-day seller to offer up to $4 million for Telegram exploits

Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack

By infosecbulletin / Friday , March 21 2025
Threat actors are exploiting a component of CheckPoint's ZoneAlarm antivirus to bypass Windows security measures. Nima Bagheri, a security researcher...
Read More
Cybercriminals Exploit Checkpoint’s Driver in a BYOVD Attack

IBM and Veeam Release Patches in AIX System and Backup

By infosecbulletin / Friday , March 21 2025
IBM has resolved two critical vulnerabilities in its AIX operating system that could allow command execution. The list of shortcomings,...
Read More
IBM and Veeam Release Patches in AIX System and Backup

WhatsApp patched zero-click flaw exploited in spyware attacks

By infosecbulletin / Wednesday , March 19 2025
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the...
Read More
WhatsApp patched zero-click flaw exploited in spyware attacks

CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

By infosecbulletin / Wednesday , March 19 2025
CISA has issued a critical alert about a critical vulnerability in Fortinet’s FortiOS and FortiProxy systems. CVE-2025-24472, an authentication bypass...
Read More
CVE-2025-24472 CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

After getting the required permissions, BingoMod is able to install itself and activate the keyboard operation logging feature of accessibility services. This allows it to steal user credentials used for banking services. It also intercepts SMS messages to obtain verification codes for financial transactions, making it possible to transfer funds from the user’s bank account unnoticed.

    Starting phase of BingoMod

During the attack, BingoMod uses the system media projection API to capture and send the screen content to the attackers. After the attack, BingoMod erases external storage devices, like memory cards, on the affected device. Attackers can remotely control and delete all the stored content on the device, making it hard for the victim to trace.

Cleafy recommends not installing unfamiliar apps on Android devices and being careful with suspicious permission requests. They also suggest installing security software, enabling two-factor authentication, and regularly checking banking transactions for any malicious activity.

Check Also

Android

Android malware attack Indian banks: Infected 419 devices

Researchers discovered a new Android banking trojan aimed at Indian users. This malware pretends to …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin