• Cybersecurity firm warns Android users to watch out for money-dra

    From TechnologyDaily@1337:1/100 to All on Sat Aug 3 01:45:05 2024
    Cybersecurity firm warns Android users to watch out for money-draining malware

    Date:
    Sat, 03 Aug 2024 01:30:28 +0000

    Description:
    The BingoMod malware has been masquerading as a security app ready to steal credentials and wipe out your data.

    FULL STORY ======================================================================

    Researchers at cybersecurity company Cleafy are warning people about new Android malware that can steal money from their bank accounts. It's called BingoMod and is a type of remote access trojan, or RAT for short. Cleafy discovered it back in May 2024 and recently published a report on its website explaining how the malware operates. As you read the post, you'll quickly realize just how threatening it is.

    According to Cleafy, the bad actors behind BingoMod engage in smishing campaigns. Smishing is a portmanteau of SMS and phishing and is normally a social engineering attack that utilizes fake text messages to trick people into downloading malware. In this instance, BingoMod takes the form of a legitimate antivirus app.

    It's gone under several names: Chrome Update, InfoWeb, Sicurezza Web, WebInfo, and more. Plus, as BleepingComputer points out, the malware has even taken the logo for the legitimate AVG Antivirus & Security tool as its own.

    Upon installation, BingoMod instructs users to activate Accessibility Services to enable the security software. However, in reality, it gives the malware permission to infect a device.

    Remote fraud

    BingoMod then functions discreetly in the background, stealing login credentials, taking screenshots, and intercepting texts. Since the malware is so deeply integrated within a smartphone's system, bad actors can control it remotely to perform on-device fraud, or ODF. It is here where the malware begins to send fraudulent transactions from the infected device to an outside location.

    A phone's security system can't stop this process because BingoMod not only impersonates users but also disables said system. Cleafy states the malware is able to uninstall arbitrary applications, preventing security apps from detecting its presence. Once all these obstacles are gone, the threat actors can, at any time, wipe out all the data on the phone in one fell swoop.

    If that's not enough, an infected device could be used as a jump-off point to spread the malicious software further via text messages.

    How to prevent being infected

    It is a scary situation, but what's scarier is whoever is behind BingoMod is still actively working on it. Cleafy says the developers are looking for ways to lower its detection rate against AV solutions.

    We only scratched the surface, so we highly recommend reading the report, which goes into deeper detail. The writers included pictures of the software's code and some of its commands. Additionally, they found evidence indicating the person behind it all may be based in Romania, although they have help from developers across the world.

    To protect yourself, the best thing you can do is not click any links from unrecognized or unverified sources. Be sure to download apps from reputable platforms such as the Google Play Store. Google told BleepingComputer that Play Protect is capable of detecting and blocking BingoMod, which is great, but we still strongly suggest exercising your due diligence.
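
    The infection path described above (an app installed from a text-message link, then granted Accessibility Services) can be audited on a device you administer. The following is an added example, not code from Cleafy's report or from TechRadar: it parses the text output of two adb commands and lists enabled accessibility services whose package did not come from a trusted store. The package names and the Play-Store-only allowlist are assumptions made for illustration.

```python
# Added example: audit enabled Accessibility Services against install source.
# Inputs are the text output of two adb commands, captured beforehand:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only


def parse_enabled_services(raw):
    """Colon-separated `package/ServiceClass` entries; `null` or empty means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = (item.strip().partition("/") for item in raw.split(":"))
    return [(pkg, cls) for pkg, _, cls in pairs if pkg]


def parse_installers(raw):
    """Map package -> installer from `package:<name>  installer=<source>` lines."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        name = fields[0][len("package:"):]
        source = "null"  # no installer recorded (sideloaded or preinstalled)
        for field in fields[1:]:
            if field.startswith("installer="):
                source = field.split("=", 1)[1]
        installers[name] = source
    return installers


def audit(services_raw, packages_raw, trusted=TRUSTED_INSTALLERS):
    """Return (package, service, installer) for services outside trusted stores."""
    installers = parse_installers(packages_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        source = installers.get(pkg, "unknown")
        if source not in trusted:
            findings.append((pkg, cls, source))
    return findings


# Constructed sample output; the package names are made up for illustration.
SAMPLE_SERVICES = ("com.example.reader/com.example.reader.ReadAloudService:"
                   "com.example.websecurity/com.example.websecurity.GuardService")
SAMPLE_PACKAGES = """package:com.example.reader  installer=com.android.vending
package:com.example.websecurity  installer=null
"""

if __name__ == "__main__":
    for pkg, cls, source in audit(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"review: {pkg}/{cls} (installer={source})")
```

    Preinstalled system services also report `installer=null`, so compare findings against `adb shell pm list packages -s` before treating one as suspicious.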

    For more robust protection, check out TechRadar's list of the best password managers for 2024.



    ======================================================================
    Link to news story: https://www.techradar.com/computing/software/cybersecurity-firm-warns-android-users-to-watch-out-for-money-draining-malware


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)