A new Android malware has the ability to steal your money and then wipe all your data.
BingoMod, as it is known, infects a device and then uses its permissions to covertly steal data such as SMS messages, credentials and account balances.
While data is considered gold, the main purpose of BingoMod is obtaining money. It does this by initiating money transfers from the compromised devices via Account Takeover (ATO), using the On Device Fraud (ODF) technique. Among other things, ODF bypasses behavioural detection countermeasures used by banks and financial services to identify suspicious money transfers.
Once the fraudulent transfer has taken place, the infected device is wiped, in order to remove any traces of illegal activity and hinder any subsequent forensic investigations: "BingoMod has left the building ...".
If there is a positive "side-effect" of this sneaky malware, it is that the ODF technique relies on someone actually authorising the money transfer. This means the scalability of BingoMod is far lower than that of other malware.
BingoMod came to the attention of the cyber security community in May this year, when researchers from Cleafy Labs discovered and analysed an Android remote administration tool (RAT) that had previously gone undetected. Because of its relative anonymity - it had no references to any known malware families - it was given its own family, BingoMod.
Evidence suggests that BingoMod is still in the development stage. Its origins are unclear, but targeted devices use three languages - English, Romanian, and Italian - and, "according to the comments identified within the malware code, developers may be Romanian speakers."
Technical analysis of BingoMod can be found HERE.