
BingoMod Android Malware Deletes Your Data After Stealing Money

  • Researchers from the Cleafy TIR team have discovered a new malware called BingoMod that steals money and then deletes all data from the device to avoid detection.
  • The malware spreads via SMS phishing, where it pretends to be a legitimate security tool. Once the victim installs it, the malware takes over the device and accepts remote commands.
  • The malware is still active and, according to researchers, its author is constantly adding new code obfuscation techniques to avoid detection.

A new piece of Android malware called BingoMod has been discovered that can wipe all the data on your device after successfully stealing money from your account. It can steal up to 15,000 EUR per transaction.

The discovery was made by the Cleafy TIR team in late May 2024. According to them, the malware is still active and its authors are working on adding more obfuscation techniques to avoid detection.

The researchers believe that this focus on obfuscation techniques may suggest that the threat actor is new to this. They lack the experience and sophistication of a seasoned malware author.

How does it work?

After analyzing multiple samples, researchers concluded that the malware is distributed via SMS phishing messages where it pretends to be a tool ensuring the security of mobile devices.

Step 1 – Installation

Its technical name is BingoMod, but to victims it presents itself as WebsIndfo, InfoWeb, WebSecurity, Application Protection, Antivirus Cleaning and so on. The goal is to be taken for a legitimate tool.

Step 2 – Permissions

Once the victim has been tricked into installing the software, it asks for permission to use “Accessibility Services”. If the victim allows this, the attackers gain extensive control over the device and are able to send remote commands.

Currently, the malware supports more than 40 remote commands such as remote screen monitoring, keystroke logging, and remote screenshot taking.
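
A defender-side check for the combination described in Steps 1 and 2 (an app installed outside the official store that holds an enabled accessibility service), written as an added example that is not from the article or from Cleafy's report. It parses the output of two standard adb commands; the trusted-installer list and the sample package names are assumptions constructed for illustration.

```python
# Added example: flag sideloaded apps that hold an enabled accessibility service.
# Inputs are the text output of two standard adb commands:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -3 -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Google Play is the only trusted store

def parse_accessibility(setting):
    """Map package -> enabled service classes from the colon-separated setting."""
    services = {}
    for component in setting.strip().split(":"):
        if "/" not in component:          # empty setting or the literal "null"
            continue
        pkg, cls = component.split("/", 1)
        if cls.startswith("."):           # ".Svc" is shorthand for "<pkg>.Svc"
            cls = pkg + cls
        services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(listing):
    """Map package -> installer from 'package:<name>  installer=<installer>' lines."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = next((f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_sideloaded_accessibility(setting, listing):
    """Return (package, installer, services) for each untrusted app with a service enabled."""
    installers = parse_installers(listing)
    findings = []
    for pkg, classes in sorted(parse_accessibility(setting).items()):
        # Packages absent from the third-party (-3) listing are preinstalled; skipped here.
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg], classes))
    return findings

# Constructed sample output; the com.example.* package names are made up for illustration.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/.TalkBackService:"
                  "com.example.websecurity/com.example.websecurity.core.A11yService")
SAMPLE_LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.websecurity  installer=null
package:com.example.reader  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, installer, classes in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"REVIEW {pkg} (installer={installer}): {', '.join(classes)}")
```

A finding is a prompt for manual review, not a verdict: legitimate sideloaded tools can also request accessibility access.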

Step 3 – Stealing Money

Once the malware is installed, it enables Account Takeover (ATO) and On-Device Fraud (ODF) through the following functions:

  • Message capture
  • Theft of login information
  • Bypassing banks' user identity verification and authentication processes

The worst thing about BingoMod is that it can also evade the behavioral detection techniques that banks typically use to identify suspicious transactions. So even advanced fraud detection checks in banks are useless.

Step 4 – Deleting Data

After the work is done, the malware deletes all data from your device so that security experts can’t detect it. After all, if the device is completely empty, there’s nothing left for the forensics team to work with.

The worst part is that there’s not much you can do at the moment to stop it, because it is capable of blocking some apps once installed. So even if you have a security app, it may not be of much help.

“BingoMod offers relatively simple functionality found in most modern RATs, such as HiddenVNC to remotely control and block SMS messages in order to intercept and manipulate communications, and record user interactions in order to steal confidential data,” Cleafy TIR reports.

Furthermore, little is known about the author except that they use the English, Romanian and Italian languages to choose their victims. The authors themselves may be Romanians. But other than that, no other identification has been found so far.
