Security News > 2024 > August > New Android Banking Trojan BingoMod Steals Money, Wipes Devices

New Android Banking Trojan BingoMod Steals Money, Wipes Devices
2024-08-01 12:52

Cybersecurity researchers have uncovered a new Android remote access trojan called BingoMod that not only performs fraudulent money transfers from the compromised devices but also wipes them in an attempt to erase traces of the malware.

"BingoMod belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct Account Takeover directly from the infected device, thus exploiting the on-device fraud technique," researchers Alessandro Strino and Simone Mattia said.

It's worth mentioning here that this technique has been observed in other Android banking trojans, such as Medusa, Copybara, and TeaBot.

BingoMod, like BRATA, also stands out for employing a self-destruction mechanism that's designed to remove any evidence of the fraudulent transfer on the infected device so as to hinder forensic analysis.

To initiate money transfers directly from compromised devices, BingoMod establishes a socket-based connection with the command-and-control infrastructure to receive as many as 40 commands remotely to take screenshots using Android's Media Projection API and interact with the device in real-time.

Another crucial aspect is the threat actor's emphasis on evading detection using code obfuscation techniques and the ability to uninstall arbitrary apps from the compromised device, indicating that the malware authors are prioritizing simplicity over advanced features.


News URL

https://thehackernews.com/2024/08/new-android-banking-trojan-bingomod.html