Cybersecurity firm warns Android users to watch out for money-draining malware
BingoMod can take the form of a seemingly safe security app
Researchers at cybersecurity company Cleafy are warning people about new Android malware that can steal money from their bank accounts. It’s called BingoMod and is a type of remote access trojan, or RAT for short. Cleafy discovered it back in May 2024 and recently published a report on its website explaining how the malware operates. As you read the post, you’ll quickly realize just how threatening it is.
According to Cleafy, the bad actors behind BingoMod engage in “smishing” campaigns. Smishing is a portmanteau of “SMS” and “phishing” and is normally a “social engineering attack” that utilizes fake text messages to trick people into downloading malware. In this instance, BingoMod takes the form of a “legitimate antivirus” app.
It’s gone under several names: Chrome Update, InfoWeb, Sicurezza Web, WebInfo, and more. Plus, as BleepingComputer points out, the malware has even taken the logo for the legitimate AVG Antivirus & Security tool as its own.
Upon installation, BingoMod instructs users to “activate Accessibility Services” to enable the security software. However, in reality, it gives the malware permission to infect a device.
Remote fraud
BingoMod then functions discreetly in the background, stealing login credentials, taking screenshots, and intercepting texts. Since the malware is so deeply integrated within a smartphone’s system, bad actors can control it remotely “to perform on-device fraud” or ODF. It is here where the malware begins to send fraudulent transactions from the infected device to an outside location.
A phone’s security system can’t stop this process because BingoMod not only impersonates users but also disables said system. Cleafy states the malware is able to “uninstall arbitrary applications,” preventing security apps from detecting its presence. Once all these obstacles are gone, the threat actors can, at any time, wipe out all the data on the phone in one fell swoop.
If that’s not enough, an infected device could be used as a jump-off point to spread the malicious software further via text messages.
How to prevent being infected
It is a scary situation, but what’s scarier is whoever is behind BingoMod is still actively working on it. Cleafy says the developers are looking for ways to “lower its detection rate against AV solutions.”
We only scratched the surface, so we highly recommend reading the report, which goes into deeper detail. The writers included pictures of the software’s code and some of its commands. Additionally, they found evidence indicating the person behind it all may be based in Romania, although they have help from developers across the world.
To protect yourself, the best thing you can do is not click any links from unrecognized or unverified sources. Be sure to download apps from reputable platforms such as the Google Play Store. Google told BleepingComputer that Play Protect is capable of detecting and blocking BingoMod, which is great, but we still strongly suggest exercising your due diligence.
For more robust protection, check out TechRadar’s list of the best password managers for 2024.
Cesar Cadenas has been writing about the tech industry for several years now specializing in consumer electronics, entertainment devices, Windows, and the gaming industry. But he’s also passionate about smartphones, GPUs, and cybersecurity.