New Android Malware BingoMod Targets Financial Data and Wipes Devices

 

Malware has long been a significant threat to online security, serving as a backdoor entry for cybercriminals. Despite Google’s efforts to keep the Play Store free of malicious apps and deliver timely Android security patches, some attackers manage to bypass these defenses, stealing money and personal information from unsuspecting victims. 

Recently, a new malware named BingoMod has been identified targeting Android devices, stealing financial data and wiping them clean. BingoMod, discovered by researchers at cybersecurity firm Cleafy, uses a technique called smishing (SMS phishing) to infiltrate devices. This method involves sending a malware-laden link to the victim’s device, which, when clicked, installs the BingoMod app (version 1.5.1) disguised as a legitimate mobile security tool like AVG AntiVirus & Security. 

Once installed, the app requests access to device accessibility services, allowing it to steal login credentials, take screenshots, and intercept SMS messages. This information is then sent to the threat actor, providing near real-time access to the device’s functions. BingoMod leverages Android’s media projection APIs, which handle screencasting requests, to gather displayed information and bypass security measures like two-factor authentication (2FA). The malware is currently targeting devices in Italy, stealing up to 15,000 Euros in each transaction. 

However, experts at Cleafy believe the malware could spread to other markets, as it is still in active development. The malware’s evasive techniques enable it to avoid detection by reputable security tools like VirusTotal. It conceals its activities using fake notifications and screen overlays while stealing money and data in the background. If the BingoMod app is granted device administrator privileges, the attackers can remotely wipe the device, although Cleafy notes this would only clear the external storage. 

To avoid falling victim to smishing attacks like BingoMod, it is crucial never to click on links from unverified sources, especially those claiming to be important. Install apps only from reputable sources like the Google Play Store and set up passkeys for an additional layer of biometric security. A Google spokesperson told Android Police that Play Protect already safeguards Android users from known versions of this malware by blocking the app or showing a warning, even if the malicious app wasn’t downloaded from the Play Store. Additionally, using a password manager can help keep your credentials safe and alert you to recent data breaches that could compromise your accounts. 

By staying vigilant and following these best practices, you can protect your device from BingoMod and other malicious threats, ensuring your financial data and personal information remain secure.