BingoMod Android Trojan Steals Funds and Can Wipe Your Phone Clean
New Android Trojan, BingoMod, Discovered by Researchers
According to ХВИЛЯ: Cybersecurity analysts at Cleafy Labs have uncovered a new variant of the Android Trojan known as BingoMod, which is a type of Remote Access Trojan (RAT). This malware employs a technique called On-Device Fraud (ODF) to carry out fraudulent transactions, directly threatening users' financial security. The campaign began spreading through smishing (SMS phishing) attacks, where victims were tricked into downloading apps named APP Protection and WebSecurity.
Once installed, BingoMod demands extensive permissions, specifically access to Accessibility Services, which grants it the power to perform a wide array of malicious activities. The Trojan is capable of:
- Capturing screen content;
- Intercepting SMS messages;
- Logging keystrokes.
These functions allow attackers to search for saved passwords, security questions, and cryptocurrency wallet seed phrases. The scale of theft is significant, with recorded fraudulent transactions reaching up to 15,000 euros in a single instance.
Attack Risks and Consequences
In a particularly destructive final step, after funds are stolen, the malware can perform a factory reset, wiping the smartphone's data and settings completely. Code analysis suggests the developers behind BingoMod are likely Romanian-speaking hackers. Initial mass attacks were observed targeting users in Italy and Romania, indicating active operations in these regions. This development is a major concern for the Android community, as it highlights a severe escalation in the risks of fraud and personal data loss. Remote Access Trojans like this are a persistent threat, often bypassing traditional security measures by tricking users into granting permissions.
This report underscores the growing threat of fraud within mobile applications.
Users are strongly advised to exercise extreme caution when downloading apps, verifying their legitimacy through official stores and developer information to avoid potential financial loss and the compromise of sensitive personal data.
Read also
