Security firm Cleafy has discovered a new piece of Android malware being used in the wild, dubbed BingoMod. BingoMod is designed to steal money from a victim by committing on-device fraud, which makes it easier to bypass the security measures used by banking institutions. The threat actors appear to be targeting users whose language is English, Romanian or Italian. Thankfully, the time and effort required by these types of attacks “implicitly means lowering its scale factor.”
The attacks use smishing (SMS phishing) for distribution, deceiving victims into thinking they are installing security tools such as an antivirus app. As is typical, once installed on a device the malware requests a wide variety of permissions that give the attacker wide latitude on the device.
BingoMod has a variety of functions. One is key logging, which is used to steal a victim’s credentials for whatever service they happen to log into after being infected. It can also intercept SMS messages, which banking institutions often use to deliver second-factor authentication codes. Moreover, the attackers using this malware have shown a penchant for wiping devices to cover their tracks, although the malicious software itself can only remotely wipe attached storage devices.
According to the report, it’s “worth mentioning that this sample is in its early stage of development.” This is the silver lining here, as most of the malware’s functionality still requires time and attention from the threat actors, lowering the number of victims impacted. With enough development time, however, it’s possible for BingoMod to reach a point where many of these aspects become automated.
As always, users should be mindful whenever installing apps on their devices, as these types of attacks show no signs of slowing down.