InfoSecBulletin Cybersecurity for mankind
Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity.
Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices remotely and steal bank account information. They do this by tricking users into enabling accessibility services and granting control permissions.
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
After getting the required permissions, BingoMod is able to install itself and activate the keyboard operation logging feature of accessibility services. This allows it to steal user credentials used for banking services. It also intercepts SMS messages to obtain verification codes for financial transactions, making it possible to transfer funds from the user’s bank account unnoticed.
During the attack, BingoMod uses the system media projection API to capture and send the screen content to the attackers. After the attack, BingoMod erases external storage devices, like memory cards, on the affected device. Attackers can remotely control and delete all the stored content on the device, making it hard for the victim to trace.
Cleafy recommends not installing unfamiliar apps on Android devices and being careful with suspicious permission requests. They also suggest installing security software, enabling two-factor authentication, and regularly checking banking transactions for any malicious activity.
