Cybersecurity company Cleafy has discovered Android malware called BingoMod that attempts to access bank accounts on the device and transfer out the deposits they hold. Once the theft is complete, it also wipes the affected device to destroy the data on it.
Cleafy pointed out that BingoMod is a remote access trojan (RAT) that lets attackers remotely control affected devices and gain access to bank accounts through deceptive means, such as asking users to enable accessibility services and grant the related control permissions.
After obtaining these permissions, BingoMod unpacks and installs itself. With the permissions granted, it uses the accessibility service to record keyboard input and steal the account names and passwords users enter when using banking services. It can also use its permissions to intercept the user's text messages and obtain the SMS verification codes sent during financial transactions, and then complete the transfer of the user's bank deposits in the background.
During the attack, BingoMod also uses the system's Media Projection API to capture the screen contents and send them back to the attacker for confirmation. After the attack is completed, BingoMod goes on to erase the device's external storage (usually an additional memory card). The attacker can even take remote control and manually erase all content stored on the device, making it difficult for the victim to trace the attack.
Cleafy therefore urges users to avoid installing apps of unknown origin on Android devices and to watch for suspicious permission requests. It also recommends installing security software on the phone, enabling two-factor authentication, and checking all bank account transaction records to confirm whether they have been affected by a malicious attack.
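
As an added example (not from Cleafy or the original article), the "suspicious permission request" check can be automated for a managed device: flag any non-allowlisted app that runs an accessibility service and also holds SMS read access, the combination described above. It assumes the accessibility value was collected with `adb shell settings get secure enabled_accessibility_services` and that granted permissions were gathered separately; the `com.example.*` packages and all sample data are constructed.

```python
# Added example: triage for the accessibility + SMS combination described above.
# The com.example.* packages and all sample values are constructed placeholders.
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}


def parse_accessibility_setting(value):
    """Return the package names in an enabled_accessibility_services value.

    The setting is a colon-separated list of components (package/ServiceClass);
    an unset value is reported as the literal string "null".
    """
    if not value or value.strip() in ("", "null"):
        return set()
    return {c.split("/", 1)[0] for c in value.strip().split(":") if c}


def triage(accessibility_value, granted_perms, trusted=frozenset()):
    """Flag untrusted packages that have an accessibility service enabled.

    'high'   = accessibility service plus SMS access (can read input and OTPs)
    'review' = accessibility service only (still worth a manual look)
    """
    findings = []
    for pkg in sorted(parse_accessibility_setting(accessibility_value)):
        if pkg in trusted:
            continue
        sms = sorted(SMS_PERMS & set(granted_perms.get(pkg, ())))
        findings.append({
            "package": pkg,
            "severity": "high" if sms else "review",
            "sms_permissions": sms,
        })
    return findings


# Constructed sample inventory for one device.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.chromeupdate/com.example.chromeupdate.Svc:"
    "com.example.screenreader/.Reader"
)
SAMPLE_PERMS = {
    "com.example.chromeupdate": {"android.permission.RECEIVE_SMS",
                                 "android.permission.READ_SMS",
                                 "android.permission.INTERNET"},
    "com.example.screenreader": {"android.permission.INTERNET"},
}
TRUSTED = frozenset({"com.google.android.marvin.talkback"})

if __name__ == "__main__":
    for finding in triage(SAMPLE_SETTING, SAMPLE_PERMS, TRUSTED):
        print(finding)
```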



