BingoMod Android RAT Wipes Devices After Stealing Money

August 1, 2024 at 08:06AM

A new Android-targeting remote access trojan named BingoMod, discovered by Cleafy, is designed to steal user information and money through account takeover tactics. The malware, likely developed by Romanian speakers, attempts to lower its detection rate by experimenting with obfuscation techniques. BingoMod also gives threat actors remote device control and phishing capabilities.

A new remote access trojan (RAT) targeting Android users has been discovered. Named BingoMod, it is distinct from known malware families and facilitates money transfers, bypassing security measures. This RAT, likely developed by Romanian speakers, targets devices using English, Romanian, and Italian. It was initially detected in May 2024 and is distributed via smishing, appearing as a legitimate antivirus application. Once installed, it executes a malicious payload, essentially taking over the infected device.

BingoMod can log keystrokes, intercept SMS messages, and establish a connection with a command-and-control server, enabling threat actors to perform various remote operations. It also demonstrates phishing capabilities, allowing attackers to send SMS messages from the infected devices. Notably, it can prevent users from editing system settings, uninstall applications, and wipe infected devices to conceal malicious activities.

Further research may uncover more about the RAT's obfuscation techniques and preventive measures. Its behavior shows notable similarities to other known malware. Additionally, related articles highlight different Android malware campaigns, emphasizing the growing threat to mobile device security.
