Friday , March 21 2025

BingoMod RAT: Android Banking Trojan Empties Accounts, Wipes data

infosecbulletin Friday , August 2 2024 Bank

Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity.

Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices remotely and steal bank account information. They do this by tricking users into enabling accessibility services and granting control permissions.

IBM and Veeam Release Patches in AIX System and Backup

By infosecbulletin / Friday , March 21 2025
IBM has resolved two critical vulnerabilities in its AIX operating system that could allow command execution. The list of shortcomings,...
Read More
IBM and Veeam Release Patches in AIX System and Backup

WhatsApp patched zero-click flaw exploited in spyware attacks

By infosecbulletin / Wednesday , March 19 2025
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the...
Read More
WhatsApp patched zero-click flaw exploited in spyware attacks

CVE-2025-24472
CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

By infosecbulletin / Wednesday , March 19 2025
CISA has issued a critical alert about a critical vulnerability in Fortinet’s FortiOS and FortiProxy systems. CVE-2025-24472, an authentication bypass...
Read More
CVE-2025-24472 CISA Warns of Fortinet FortiOS Auth Bypass Vuln Exploited in Wild

11 state hackers exploit new Windows zero-day since 2017

By infosecbulletin / Wednesday , March 19 2025
11 nation-state groups from North Korea, China, and Russia are exploiting a vulnerability in a common feature of Microsoft Windows....
Read More
11 state hackers exploit new Windows zero-day since 2017

Hackers Exploit ChatGPT with CVE-2024-27564

By infosecbulletin / Tuesday , March 18 2025
Attackers are actively targeting OpenAI, exploiting CVE-2024-27564, a Server-Side Request Forgery (SSRF) vulnerability in OpenAI’s ChatGPT infrastructure. Veriti’s latest research...
Read More
Hackers Exploit ChatGPT with CVE-2024-27564

(CVE-2024-540385)
CVSS 10 Alert! HPE Cray Vulnerability Authentication Bypass Threat

By infosecbulletin / Tuesday , March 18 2025
A critical vulnerability, CVE-2024-540385, has been found in HPE Cray XD670 servers using the AMI BMC Redfish API, allowing remote...
Read More
(CVE-2024-540385) CVSS 10 Alert! HPE Cray Vulnerability Authentication Bypass Threat

CVE-2025-24813
Apache Tomcat Flaw Exploited In The Wild

By infosecbulletin / Tuesday , March 18 2025
CVE-2025-24813, a critical remote code execution vulnerability, is actively exploited, enabling attackers to control vulnerable Apache Tomcat servers with a...
Read More
CVE-2025-24813 Apache Tomcat Flaw Exploited In The Wild

B1nary_Band1ts secure first for “MIST CyberTron 2025”

By infosecbulletin / Monday , March 17 2025
MIST Cyber Security Club hosted an exciting MIST CyberTron 2025, featuring a CTF competition, hacking sessions, live demonstrations, and real-world...
Read More
B1nary_Band1ts secure first for “MIST CyberTron 2025”

CVE-2025-24016
Critical RCE vulnerability affects Wazuh

By infosecbulletin / Monday , March 17 2025
Cybersecurity researchers unveil a critical remote code execution vulnerability (CVE-2025-24016) in Wazuh, a popular open-source SIEM platform. The vulnerability has...
Read More
CVE-2025-24016 Critical RCE vulnerability affects Wazuh

AWS SNS misused for Data Exfiltration and Phishing

By infosecbulletin / Monday , March 17 2025
A recent report from Elastic reveals that threat actors misuse Amazon Web Services (AWS) Simple Notification Service (SNS) for malicious...
Read More
AWS SNS misused for Data Exfiltration and Phishing

After getting the required permissions, BingoMod is able to install itself and activate the keyboard operation logging feature of accessibility services. This allows it to steal user credentials used for banking services. It also intercepts SMS messages to obtain verification codes for financial transactions, making it possible to transfer funds from the user’s bank account unnoticed.

    Starting phase of BingoMod

During the attack, BingoMod uses the system media projection API to capture and send the screen content to the attackers. After the attack, BingoMod erases external storage devices, like memory cards, on the affected device. Attackers can remotely control and delete all the stored content on the device, making it hard for the victim to trace.

Cleafy recommends not installing unfamiliar apps on Android devices and being careful with suspicious permission requests. They also suggest installing security software, enabling two-factor authentication, and regularly checking banking transactions for any malicious activity.

Check Also

Android

Android malware attack Indian banks: Infected 419 devices

Researchers discovered a new Android banking trojan aimed at Indian users. This malware pretends to …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin