The Android malware BingoMod collects personal data and communications from users, enabling hackers to take control of accounts and steal money.
Android users are being targeted by a newly discovered remote access trojan (RAT) that aims to take over their accounts and steal their money and personal data. The RAT, known as BingoMod and unconnected to well-known malware families, enables threat actors to carry out on-device fraud (ODF) and initiate money transfers from compromised devices, evading behavioral detection, authentication, and verification safeguards. Once on a device, the malware performs overlay attacks, provides remote access with VNC-like features, and abuses permissions to steal user data, including SMS messages, credentials, and account details.
BingoMod targets devices that use English, Romanian, and Italian and was most likely created by Romanian speakers. To reduce BingoMod's detection rate by antivirus software, its developers are experimenting with obfuscation techniques while the malware is still in the development stage. The samples show a desire to experiment with various anti-analysis setups rather than to increase the malware's functional complexity. The malware, which was initially discovered in May 2024, is spread through smishing and frequently poses as a legitimate antivirus program. After installation, it asks the user to activate Accessibility Services, stating that the permissions are required for proper operation.
When the malicious payload executes, the user is locked out of the main screen while BingoMod gathers device data and initiates contact with the command-and-control (C&C) server. Running in the background, it records keystrokes, intercepts SMS messages, and opens a socket-based channel to the C&C server. This allows the threat actors to execute approximately 40 remote tasks, including navigating between apps, filling out forms, and clicking buttons on the device's screen.
In addition to real-time screen control, the malware has phishing capabilities in the form of overlay attacks and fake notifications. Unusually, overlay attacks are initiated directly by the malware operator rather than triggered when particular target apps are opened. Threat actors can also send SMS messages from compromised devices using BingoMod, which could be used to spread the malware further. To hinder removal, the malware stops the user from changing system settings, blocks particular apps, and uninstalls programs. It also lets attackers wipe the compromised device to cover their tracks, usually following a fraudulent transfer.
This malware is noteworthy for its ability to wipe devices when a fraudulent transaction occurs. According to sources, although this behavior is reminiscent of the Brata malware, the simplicity and basic structure of the code suggest that the feature is more of an easy exit strategy than an indicator of any direct ancestry or relationship to Brata.
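Because BingoMod arrives outside the app store and depends on the user enabling Accessibility Services, one defensive triage step is to list which packages hold an enabled accessibility service and check where each was installed from. The following is an added example, not part of the original article: the package names and sample outputs are constructed, and treating the Play Store as the only trusted installer is an assumption.

```python
# Added example: flag enabled Accessibility Services from untrusted installers.
# Inputs are the text output of two standard adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
# The sample outputs below are constructed for illustration.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.avprotect/com.example.avprotect.GuardService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.avprotect  installer=null
package:com.example.notes  installer=null
"""

def parse_accessibility(setting):
    """Map package -> service classes from the colon-separated setting value."""
    services = {}
    value = setting.strip()
    if not value or value == "null":      # nothing enabled
        return services
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(listing):
    """Map package -> installer package name ('null' when none is recorded)."""
    installers = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name, _, rest = line[len("package:"):].partition("installer=")
        installers[name.strip()] = rest.strip() or "null"
    return installers

def flag_sideloaded_a11y(setting, listing, trusted=TRUSTED_INSTALLERS):
    """Return (package, installer) pairs that hold an accessibility service
    but were not installed by a trusted installer."""
    installers = parse_installers(listing)
    return [(pkg, installers.get(pkg, "unknown"))
            for pkg in sorted(parse_accessibility(setting))
            if installers.get(pkg, "unknown") not in trusted]

if __name__ == "__main__":
    for pkg, src in flag_sideloaded_a11y(SAMPLE_A11Y, SAMPLE_PACKAGES):
        print(f"review: {pkg} has an accessibility service, installer={src}")
```

Preinstalled system packages can also report no installer, so the result is a list for manual review, not a verdict.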
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.