New Android Banking Trojan BingoMod Steals Money, Wipes Devices

August 1, 2024 at 09:06AM

Italian cybersecurity firm Cleafy discovered an Android remote access trojan (RAT) called BingoMod. It is capable of fraudulent money transfers and of wiping the device to erase traces of the malware. The RAT, attributed to a Romanian-speaking threat actor, uses remote access to carry out on-device fraud, and the malware is under active development. BingoMod employs various tactics to evade detection, including code obfuscation, and also has phishing capabilities.

Cybersecurity researchers have discovered a new Android remote access trojan (RAT) called BingoMod. This RAT not only conducts fraudulent money transfers from compromised devices but also wipes them in an attempt to erase traces of the malware. The RAT is attributed to a likely Romanian-speaking threat actor and belongs to the modern RAT generation of mobile malware. It has capabilities for remote access, Account Takeover (ATO), and on-device fraud (ODF) techniques.

BingoMod is known for masquerading as antivirus tools and an update for Google Chrome. Once installed, it prompts the user to grant it accessibility services permissions, allowing it to execute malicious actions such as collecting device information, stealing sensitive information, intercepting SMS messages, and initiating money transfers directly from compromised devices.
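Because the malicious actions described above depend on an enabled accessibility service, a defender can audit which services are enabled on a device. The following is an added example, not code from Cleafy or from the original article: it parses the output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`. The allowlist, the sample package names, and the choice to rate non-Play installers as higher risk are assumptions of this example.

```python
import re

# Assumption: only Google Play counts as a trusted installer in this fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Assumption: accessibility services the organisation has approved.
APPROVED_PACKAGES = {"com.google.android.marvin.talkback"}

# Constructed sample outputs (not taken from a real device or from the article).
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.fakeav/.GuardService"
    ":com.example.passwordmgr/.FillService"
)
SAMPLE_INSTALLERS = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeav  installer=null
package:com.example.passwordmgr  installer=com.android.vending
"""

def parse_enabled_services(raw):
    """Split the colon-separated 'package/ServiceClass' list; 'null' or empty means none."""
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    pairs = (comp.partition("/") for comp in raw.split(":"))
    return [(pkg, cls) for pkg, _, cls in pairs if pkg]

def parse_installers(raw):
    """Map package name to installer from 'package:<name>  installer=<name|null>' lines."""
    found = (re.match(r"package:(\S+)\s+installer=(\S+)", ln.strip()) for ln in raw.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def audit(services_raw, installers_raw):
    """Return one finding per enabled accessibility service that is not approved."""
    installers = parse_installers(installers_raw)
    findings = []
    for pkg, cls in parse_enabled_services(services_raw):
        if pkg in APPROVED_PACKAGES:
            continue
        installer = installers.get(pkg, "unknown")
        # Unapproved service from an untrusted or missing installer ranks highest.
        severity = "review" if installer in TRUSTED_INSTALLERS else "high"
        findings.append({"package": pkg, "service": cls,
                         "installer": installer, "severity": severity})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SERVICES, SAMPLE_INSTALLERS):
        print(finding)
```

A "high" finding is a triage signal only: legitimate sideloaded or enterprise-deployed apps can also appear with a non-Play installer.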

The trojan relies on a live operator to conduct money transfers of up to €15,000 per transaction and emphasizes evading detection using code obfuscation techniques and the ability to uninstall arbitrary apps from the compromised device. It also exhibits phishing capabilities through Overlay Attacks and fake notifications.

The researchers have also noted that BingoMod’s remote access capabilities allow threat actors to initiate fraudulent money transfers and conduct real-time interaction with the compromised device. The threat actor’s emphasis on evading detection using code obfuscation techniques indicates a prioritization of simplicity over advanced features.

Overall, it’s a sophisticated and concerning threat that requires attention and action in terms of prevention and mitigation.
