Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Cesar Cadenas

Cybersecurity firm warns Android users to watch out for money-draining malware

Man looking at smartphone.

Researchers at cybersecurity company Cleafy are warning people about new Android malware that can steal money from their bank accounts. It’s called BingoMod and is a type of remote access trojan, or RAT for short. Cleafy discovered it back in May 2024 and recently published a report on its website explaining how the malware operates. As you read the post, you’ll quickly realize just how threatening it is.

According to Cleafy, the bad actors behind BingoMod engage in “smishing” campaigns. Smishing is a portmanteau of “SMS” and “phishing” and is normally a “social engineering attack” that utilizes fake text messages to trick people into downloading malware. In this instance, BingoMod takes the form of a “legitimate antivirus” app. 

It’s gone under several names: Chrome Update, InfoWeb, Sicurezza Web, WebInfo, and more. Plus, as BleepingComputer points out, the malware has even taken the logo for the legitimate AVG Antivirus & Security tool as its own. 

Upon installation, BingoMod instructs users to “activate Accessibility Services” to enable the security software. However, in reality, it gives the malware permission to infect a device. 

Remote fraud

BingoMod then functions discreetly in the background, stealing login credentials, taking screenshots, and intercepting texts. Since the malware is so deeply integrated within a smartphone’s system, bad actors can control it remotely “to perform on-device fraud” or ODF. It is here where the malware begins to send fraudulent transactions from the infected device to an outside location.

A phone’s security system can’t stop this process because BingoMod not only impersonates users but also disables said system. Cleafy states the malware is able to “uninstall arbitrary applications,” preventing security apps from detecting its presence. Once all these obstacles are gone, the threat actors can, at any time, wipe out all the data on the phone in one fell swoop.

If that’s not enough, an infected device could be used as a jump-off point to spread the malicious software further via text messages.

How to prevent being infected

It is a scary situation, but what’s scarier is whoever is behind BingoMod is still actively working on it. Cleafy says the developers are looking for ways to “lower its detection rate against AV solutions.”

We only scratched the surface, so we highly recommend reading the report, which goes into deeper detail. The writers included pictures of the software’s code and some of its commands. Additonally, they found evidence indicating the person behind it all may be based in Romania, although they have help from developers across the world.

To protect yourself, the best thing you can do is not click any links from unrecognized or unverified sources. Be sure to download apps from reputable platforms such as the Google Play Store. Google told BleepingComputer that Play Protect is capable of detecting and blocking BingoMod, which is great, but we still strongly suggest exercising your due diligence.

For more robust protection, check out TechRadar’s list of the best password managers for 2024

You might also like

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.