Cleafy found a harmful software called BingoMod that targets Android devices. The malware tries to get into bank accounts on the device and steal money, then it erases the device’s activity.
Cleafy says that BingoMod is a type of remote access Trojan (RAT). Attackers can use it to control devices remotely and steal bank account information. They do this by tricking users into enabling accessibility services and granting control permissions.
On December 5, 2024, CISA issued two advisories regarding Industrial Control Systems (ICS). These advisories highlight current security issues, vulnerabilities,...
After getting the required permissions, BingoMod is able to install itself and activate the keyboard operation logging feature of accessibility services. This allows it to steal user credentials used for banking services. It also intercepts SMS messages to obtain verification codes for financial transactions, making it possible to transfer funds from the user’s bank account unnoticed.
During the attack, BingoMod uses the system media projection API to capture and send the screen content to the attackers. After the attack, BingoMod erases external storage devices, like memory cards, on the affected device. Attackers can remotely control and delete all the stored content on the device, making it hard for the victim to trace.
Cleafy recommends not installing unfamiliar apps on Android devices and being careful with suspicious permission requests. They also suggest installing security software, enabling two-factor authentication, and regularly checking banking transactions for any malicious activity.