Beware of this new Android malware that empties your bank account, clears your device completely

There’s been a spike in malware hitting Android phones, and the latest one, called BingoMod, might be the scariest yet. 

This malware can steal money from your accounts and then wipe your phone clean. Using on-device fraud techniques, it can swipe up to $16,000 in one go. 

And the worst part? This isn’t even the final version. Researchers say the creators are working on adding more features to make sure it doesn’t get detected.

GET SECURITY ALERTS, EXPERT TIPS – SIGN UP FOR KURT’S NEWSLETTER – THE CYBERGUY REPORT HERE

How BingoMod enters your phone

According to researchers at Cleafy, the malware is a remote access trojan (RAT), meaning an attacker uses it to gain full remote access to your Android phone. The malware enters your phone as an app, which is distributed through smishing (SMS phishing) campaigns.

How BingoMod tricks you

The malicious app often masquerades as a legitimate antivirus application with names like APP Protection, Antivirus Cleanup, Chrome Update, InfoWeb, SicurezzaWeb, WebSecurity, WebsInfo, WebInfo, and APKAppScudo. The Cleafy report noted that, in one instance, it also imitated the free AVG AntiVirus & Security tool available on Google Play. We reached out to Google, and a spokesperson provided the following statement.

“Based on our current detection, no apps containing this malware are found on Google Play. Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

Once installed on your phone, BingoMod asks you to activate Accessibility Services, which should be taken as a red flag. When you grant access to Accessibility Services, you’re practically giving it access to everything on your phone.

Once BingoMod has all the permissions it needs, its background functions start to act, aiming to provide sensitive data to the actors behind the malware. It uses a technique called keylogging to steal sensitive information displayed on the device screen or entered by you, such as login credentials or account balances. It can also intercept your messages to detect one-time passwords or authentication codes.

How BingoMod ensures its persistence

To stop you from removing it from your phone, the malware blocks you from changing system settings, blocks certain apps and even uninstalls apps. But to cover its tracks, it lets attackers wipe the infected device, usually after a fraudulent transfer has been done.

A woman holding an Android phone (Kurt “CyberGuy” Knutsson)

ANDROID BANKING TROJAN EVOLVES TO EVADE DETECTION AND STRIKE GLOBALLY

The Android malware is evolving

Researchers believe BingoMod has yet to reach its full potential. The malware is still in its testing phase, and the hackers behind it are working to add more features. Cleafy researchers noted,

“BingoMod is in a development phase, where developers are experimenting with obfuscation techniques to lower its detection rate against AV solutions. From the whole sample collected, what has emerged is the will to try multiple anti-analysis configurations rather than making the malware more complex in terms of functionalities.”

Android phone on desk (Kurt “CyberGuy” Knutsson)

ANDROID BANKING TROJAN MASQUERADES AS GOOGLE PLAY TO STEAL YOUR DATA

11 ways you can protect yourself from the Android malware

While a remote access trojan is hard to detect and can be dangerous once it enters your phone, there are several things you can do to protect your data.

1. Be cautious of phishing attempts: Be vigilant about messages and emails from unknown sources asking for personal information. Avoid clicking on suspicious links or providing sensitive details unless you can verify the legitimacy of the request.

2. Have strong antivirus software: Android has its own built-in malware protection called Play Protect, but it’s not enough to stop all malicious software. Historically, Play Protect hasn’t been 100% foolproof at removing all known malware from Android phones. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams. Get my picks for the best 2024 antivirus protection winners for your Windows, Mac, Android and iOS devices.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

3. Download apps from reliable sources: It’s important to download apps only from trusted sources like the Google Play Store. They have strict checks to prevent malware and other harmful software. However, even with the security measures provided by Google Play, downloading apps from the store does not guarantee 100% protection against malware or harmful software. Avoid downloading apps from unknown websites or unofficial stores, as they can pose a higher risk to your personal data and device. Never trust download links that you get through SMS.

4. Use an identity theft protection service: Given the increasing sophistication of Android malware like BingoMod, using an identity theft protection service is a crucial step in safeguarding your personal information.

Identity theft companies can monitor personal information like your Socia8l Security number, phone number and email address and alert you if it is being sold on the dark web or being used to open an account. They can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals. See my tips and best picks on how to protect yourself from identity theft.

5. Be cautious with app permissions: Always review the permissions requested by apps before installation. If an app requests access to features that seem unnecessary for its function, it could be a sign of malicious intent. Do not give any app Accessibility permissions unless you really need to. Avoid granting permissions that could compromise your personal data.

6. Monitor your accounts: If you think you have been affected by the banking trojan, regularly review your bank statements, credit card statements and other financial accounts for any unauthorized activity. If you notice any suspicious transactions, report them immediately to your bank or credit card company.

7. Enable SMS notifications for your bank accounts: By enabling SMS notifications, you can monitor your accounts for any unauthorized transactions.

8. Set up two-factor authentication (2FA): 2FA is an extra shield that prevents hackers from accessing your accounts.

9. Use strong and unique passwords: Create strong passwords for your accounts and devices and avoid using the same password for multiple online accounts. Consider using a password manager. A password manager can help you create and store strong, unique passwords for all your accounts, reducing the risk of password theft.

10. Regularly update your device’s operating system and apps: Keeping your software up to date is crucial, as updates often include security patches for newly discovered vulnerabilities that could be exploited by trojans.

11. Avoid using public Wi-Fi for sensitive transactions: Public Wi-Fi networks can be insecure, making it easier for malware or hackers to intercept your data. When accessing sensitive information or conducting financial transactions, use a secure, private connection to protect your data.

ANDROID USERS AT RISK AS BANKING TROJAN TARGETS MORE APPS

Kurt’s key takeaway

As scary as BingoMod sounds, staying vigilant is your best defense. Always be cautious about downloading apps from unknown sources or clicking on suspicious links in texts. Keep your device updated, use a trusted antivirus and be wary of any app asking for too many permissions. This malware might be evolving, but so are the ways to protect yourself.

Do you check app permissions before installing? How do you decide which permissions are acceptable? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most asked CyberGuy questions:

Copyright 2024 CyberGuy.com. All rights reserved.