A new Android trojan has arrived as a threat to mobile users. Identified as BingoMod, the trojan is a potent money stealer that even wipes off infected Android devices. Users must remain cautious when downloading apps from unsolicited and unofficial sources.
BingoMod Android Trojan Aims At Stealing Money
Researchers from Cleafy cybersecurity firm have found a new malware threat targeting Android users. As explained in their report, the malware, which they named BingoMod, is a potent Android trojan that steals money from users’ devices and wipes them after a successful attack to remove any traces behind it.
Specifically, BingoMod caught the researchers’ attention in May 2024. The malware is so named because the researchers noticed a malware component named “ChrUpdate” in the early stages, changing its name to “BingoMod” later.
The malware reaches the target devices via smishing attacks or luring the users into downloading fake antivirus applications. Once downloaded and installed, the malware exploits the device’s Accessibility Services to gain various permissions. Once granted, the malware establishes persistence on the device and executes the payload.
Regarding the malware functionalities, the researchers found it stealing device information, logging keystrokes to steal credentials, intercepting SMS to access transaction authentication numbers, taking screengrabs, and more. The prime purpose of this malware is to steal money fraudulently from the target devices, which is evident from the malware’s Account Takeover (ATO) and On Device Fraud (ODF) capabilities (similar to other Android malware like Teabot, Medusa, and Copybara).
After a successful attack, the malware wipes off the target device, a functionality similar to that of another trojan, BRATA. This action aims to prevent detection during possible forensic analysis.
Currently, BingoMod is in the early developmental stages, which means that future malware variants may exhibit more malicious and sneaky capabilities.
The exact identity of the threat actors behind this malware remains unclear. However, considering some comments in Romanian in the early BingoMod versions, the researchers suspect the attackers to have Romanian origin.
Once again, Android users must remain careful when downloading applications. Even for antivirus applications, users must ensure that they download the apps directly from the official websites and app store developer accounts.
Let us know your thoughts in the comments.
