Malware has become the scourge of everyone’s online existence, since it gives cybercriminals and thieves the easiest backdoor entry. Google is typically on top of things, keeping the Play Store free of malicious apps and ensuring that Android security fixes are delivered on time, but occasionally attackers manage to stay ahead of the curve and steal money or personal information from their victims. One such piece of malware was recently discovered in the wild, targeting Android smartphones, stealing financial data and then wiping the devices completely.
Android malware disguises itself in a variety of ways, but the most recent one to be wary of is known as BingoMod. Bleeping Computer spotted a report from researchers at cybersecurity firm Cleafy, which says the malware uses a technique known as smishing to infect smartphones. Smishing, also known as SMS phishing, involves sending a malicious web link to an unsuspecting victim’s device. In this case the link installs the BingoMod software (version 1.5.1) under a false identity, typically spoofing the name and icon of mobile security products such as AVG AntiVirus & Security.
During installation, the program requests access to the device’s accessibility services, which it then uses to steal login credentials, capture screenshots, and intercept SMS messages. All of this is transmitted to the threat actor over a dedicated channel, giving them near-real-time access to the device’s functions. Cleafy further notes that the malware gathers on-screen information using Android’s media projection APIs, which handle screencasting requests, allowing bad actors to get around security measures such as two-factor authentication (2FA).
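A defender can look for the combination described above (an app holding an accessibility service that did not come from the Play Store) by cross-referencing two `adb shell` outputs. The following is an added example, not code from Cleafy or from the original article; the package names and sample strings are constructed, and the input is assumed to be the text of `settings get secure enabled_accessibility_services` and `pm list packages -i -3`.

```python
# Added example; the sample strings below are constructed, not real device output.
PLAY_STORE = "com.android.vending"

def parse_accessibility(setting):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    # The value is a colon-separated list of package/ServiceClass components.
    return {c.split("/", 1)[0] for c in setting.split(":") if c}

def parse_installers(listing):
    """Map package -> installer from `pm list packages -i -3` (third-party apps)."""
    installers = {}
    for line in listing.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = "null"
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        installers[fields[0][len("package:"):]] = installer
    return installers

def flag_sideloaded_accessibility(setting, listing, trusted=(PLAY_STORE,)):
    """Third-party apps that hold an accessibility service but were not store-installed."""
    installers = parse_installers(listing)
    flagged = []
    for pkg in sorted(parse_accessibility(setting)):
        installer = installers.get(pkg)
        if installer is None:  # absent from the -3 listing: preinstalled system app
            continue
        if installer not in trusted:
            flagged.append((pkg, installer))
    return flagged

# Constructed sample: one sideloaded fake "antivirus", one store app, one system service.
SAMPLE_SETTING = ("com.example.fakeav/com.example.fakeav.Svc:"
                  "com.example.reader/.ReaderService:com.example.oem.a11y/.Helper")
SAMPLE_LISTING = """package:com.example.fakeav  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.game  installer=com.android.vending
"""

if __name__ == "__main__":
    for pkg, installer in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"review: {pkg} has an accessibility service (installer={installer})")
```

A flagged package is a lead for review, not proof of infection, since legitimately sideloaded accessibility tools show up the same way.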
It is targeting devices in Italy while still in active development.
BingoMod now hides its attacks from victims by displaying phoney notifications and other overlays on the screen while taking money and data in the background. The program is believed to be of Romanian origin, with potential contributions from developers around the world, and is now targeting handsets in Italy, stealing up to 15,000 euros per transaction. However, Cleafy specialists are concerned that the malware could attack smartphones in other regions as well, given that the app is still under development.
BingoMod’s evasive methods already let the program elude detection by reputable technologies such as VirusTotal, and a compromised device can infect further devices. If the victim grants the BingoMod software device administrator capabilities, the bad actors will also be able to wipe the device remotely, but Cleafy claims this would only clear the linked external storage.
As always, the simplest approach to avoid such smishing attacks is to never follow links from untrusted sites, particularly ones that purport to be significant. Install programs from reliable sources, such as the Google Play Store, and use passcodes whenever possible to add biometric protection to your online accounts. A Google spokesman told Android Police that Play Protect already protects Android users from known versions of this info-stealer malware by banning or notifying them, even if the infected app was not downloaded from the Play Store. Nonetheless, we recommend utilising one of our favourite password managers to protect your credentials and stay informed about current data breaches that could jeopardise your accounts.