New Android Malware BingoMod Targets Financial Data and Wipes Devices

 

Malware has long been a significant threat to online security, serving as a backdoor entry for cybercriminals. Despite Google’s efforts to keep the Play Store free of malicious apps and deliver timely Android security patches, some attackers manage to bypass these defenses, stealing money and personal information from unsuspecting victims. 

Recently, a new malware named BingoMod has been identified targeting Android devices, stealing financial data and wiping the devices clean. BingoMod, discovered by researchers at cybersecurity firm Cleafy, uses a technique called smishing (SMS phishing) to infiltrate devices. This method involves sending a malware-laden link to the victim’s device, which, when clicked, installs the BingoMod app (version 1.5.1) disguised as a legitimate mobile security tool like AVG AntiVirus & Security.

Once installed, the app requests access to device accessibility services, allowing it to steal login credentials, take screenshots, and intercept SMS messages. This information is then sent to the threat actor, providing near real-time access to the device’s functions. BingoMod leverages Android’s media projection APIs, which handle screencasting requests, to gather displayed information and bypass security measures like two-factor authentication (2FA). The malware is currently targeting devices in Italy, stealing up to 15,000 Euros in each transaction. 

However, experts at Cleafy believe the malware could spread to other markets, as it is still in active development. The malware’s evasive techniques enable it to avoid detection by reputable security tools like VirusTotal. It conceals its activities using fake notifications and screen overlays while stealing money and data in the background. If the BingoMod app is granted device administrator privileges, the attackers can remotely wipe the device, although Cleafy notes this would only clear the external storage. 

To avoid falling victim to smishing attacks like BingoMod, it is crucial never to click on links from unverified sources, especially those claiming to be important. Install apps only from reputable sources like the Google Play Store and set up passkeys for an additional layer of biometric security. A Google spokesperson told Android Police that Play Protect already safeguards Android users from known versions of this malware by blocking the app or showing a warning, even if the malicious app wasn’t downloaded from the Play Store. Additionally, using a password manager can help keep your credentials safe and alert you to recent data breaches that could compromise your accounts. 

By staying vigilant and following these best practices, you can protect your device from BingoMod and other malicious threats, ensuring your financial data and personal information remain secure.

UK Government’s New AI System to Monitor Bank Accounts

 



The UK’s Department for Work and Pensions (DWP) is gearing up to deploy an advanced AI system aimed at detecting fraud and overpayments in social security benefits. The system will scrutinise millions of bank accounts, including those receiving state pensions and Universal Credit. This move comes as part of a broader effort to crack down on individuals either mistakenly or intentionally receiving excessive benefits.

Despite the government's intentions to curb fraudulent activities, the proposed measures have sparked significant backlash. More than 40 organisations, including Age UK and Disability Rights UK, have voiced their concerns, labelling the initiative as "a step too far." These groups argue that the planned mass surveillance of bank accounts poses serious threats to privacy, data protection, and equality.

Under the proposed Data Protection and Digital Information Bill, banks would be mandated to monitor accounts and flag any suspicious activities indicative of fraud. However, critics contend that such measures could set a troubling precedent for intrusive financial surveillance, affecting around 40% of the population who rely on state benefits. Furthermore, these powers extend to scrutinising accounts linked to benefit claims, such as those of partners, parents, and landlords.

In response to the mounting criticism, the DWP emphasised that the new system does not grant them direct access to individuals' bank accounts or allow monitoring of spending habits. Nevertheless, concerns persist regarding the broad scope of the surveillance, which would entail algorithmic scanning of bank and third-party accounts without prior suspicion of fraudulent behaviour.

The joint letter from advocacy groups highlights the disproportionate nature of the proposed powers and their potential impact on privacy rights. They argue that the sweeping surveillance measures could infringe upon individual liberties and exacerbate existing inequalities within the welfare system.

As the debate rages on, stakeholders are calling for greater transparency and safeguards to prevent misuse of the AI-powered monitoring system. Advocates stress the need for a balanced approach that addresses fraud while upholding fundamental rights to privacy and data protection.

While the DWP asserts that the measures are necessary to combat fraud, critics argue that they represent a disproportionate intrusion into individuals' financial privacy. As this discourse takes shape, the situation underscores the importance of finding a balance between combating fraud and safeguarding civil liberties in the digital sphere.


DWP Clarifies What Bank Accounts are Targeted in Crackdown on Benefit Fraud


The identity of the bank accounts targeted in the DWP crackdown on benefit fraud has recently been made clear.

The Department for Work and Pensions (DWP) will examine bank accounts as part of the Data Protection and Digital Information Bill that is presently making its way through the Houses of Commons and Lords in order to determine the amount of money that individuals have and how they are using it. Concerns have been voiced regarding the potential extent of this practice, though.

Earlier this month, Mel Stride, Secretary of State for Work and Pensions, was questioned by Tory MP Nigel Mills regarding how the powers will be used. According to a report by Wales Online, he was questioned about whether bank accounts of all State Pensioners would be examined.

The DWP has stated that there has been a "great deal of scaremongering" about the new measures, as various sections of the Bill have been questioned and rumours have been spread. It has been verified, meanwhile, that it will only be applied in situations where fraud or error is suspected.

The Mirror reports that the DWP boss stated: "There has been a great deal of scaremongering about what exactly these powers are about. I can make it categorically clear from the Dispatch Box that these powers are there to make sure that, in instances where there is a clear signal of fraud or error, my department is able to take action. In the absence of that, it will not."

Meanwhile, in a House of Lords debate held before Christmas, Lord Bassam of Brighton asked: "As Mel Stride and the DWP officials made clear when giving evidence to the Work and Pensions Select Committee recently, this is not about accessing individual bank accounts directly where fraud is suspected, it is about asking for bulk data from financial organisations. How will the Government be able to guarantee data security with bulk searches […] When were the Government planning to tell the citizens of this country that they were planning to take this new set of powers to look into their accounts? I warn the Minister that I do not think it will go down very well, when the Government fully explains this."

Lord Bassam further noted that the banking sector was equally concerned about the proposals, describing them as overly broad and likely to prejudice disadvantaged consumers. The measure's proportionality is another issue raised by the ICO.

In response for the government, Viscount Camrose said: "Tackling fraud and error in the DWP is a priority for the Government but parliamentary time is tight. In the time available, the DWP has prioritised our key third-party data-gathering measure which will help to tackle one of the largest causes of fraud and error in the welfare system."

He adds that, when parliamentary time permits, they are still committed to introducing all of the measures listed in the DWP's fraud plan. The breadth of the DWP's third-party data collection powers is limited to what is necessary to guarantee its future viability.

This is due to the nature of fraud, which has altered significantly in recent times and continues to do so. The DWP's existing authority is insufficient to combat the new forms of fraud that the assistance system is experiencing.

Viscount Camrose adds that to ensure that benefits like the state pension continue to have low fraud rates, they are including all benefits. Naturally, the DWP will want to concentrate their action on places where fraud or error is a serious problem. The DWP has outlined in its fraud plan how it intends to use the new powers, with fraud in universal credit being the first area of attention.