Dangerous new Android malware drains your bank accounts and completely wipes your device — how to stay safe
New BingoMod malware can also bypass antivirus apps
Having your bank accounts drained by hackers is bad enough but a new Android malware is taking things a step further by completely wiping your phone clean afterwards.
As reported by BleepingComputer, this new malware strain has been dubbed “BingoMod” by the security researchers at the online fraud management company Cleafy who first discovered it back in May of this year.
Like other dangerous malware, this one is designed to steal your hard-earned cash by accessing your financial accounts. However, BingoMod is capable of performing on-device fraud (ODF) which allows the hackers behind it to easily bypass anti-fraud systems.
If you have one of the best Android phones and don’t want to end up with an empty bank account and a completely wiped phone, here’s everything you need to know about this new malware strain and what to look out for to help you stay safe.
Committing on-device fraud
In their report on the matter, Cleafy’s researchers explain that the new BingoMod malware is currently being spread through phishing messages sent via text.
In order to get potential victims to open and interact with them, these malicious messages use a variety of names which closely resemble actual Android security software. For example, some of these phishing texts use the icon for AVG AntiVirus Free which is available on the Google Play Store.
When a potential victim does try to install one of these malicious apps, BingoMod asks for permissions for Android’s Accessibility Service which is often abused by mobile malware strains to gain even greater control over an infected smartphone.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Here at Tom’s Guide our expert editors are committed to bringing you the best news, reviews and guides to help you stay informed and ahead of the curve!
From here, BingoMod steals login credentials, takes screenshots and intercepts any text messages sent to the now compromised Android device. However, in order to perform on-device fraud, it also establishes a socket-based channel to receive commands along with an HTTP-based channel to send screenshots back to hackers behind this malware.
By obtaining real-time screen content from an infected device, it’s much easier for BingoMod to bypass anti-fraud systems that use identity verification and authentication since they are using a victim’s actual smartphone and not just their credentials. In fact, the malware actually gives cybercriminals a great deal of command over an infected Android phone; they can click on a particular area, write text anywhere they want and launch apps.
At the same time, BingoMod also allows hackers to launch manual overlay attacks by using fake notifications. Finally, to make matters worse, a smartphone infected with BingoMod can use text messages to spread onto other vulnerable phones.
Bypassing antivirus apps and wiping phones clean
If all that wasn’t scary enough, BingoMod can also remove the best Android antivirus apps from an infected smartphone as well as block the activity of any apps the hackers behind this malware specify in a command.
To help it evade detection, BingoMod’s creators have added code-flattening and string obfuscation layers. Even the popular malware analyzation service VirusTotal couldn’t detect this new Android malware.
As for wiping an infected phone clean, if the malware is registered on the device as a device admin app, a hacker can send a remote command to wipe its system. However, Cleafy’s researchers point out in their report that this is only done after a successful transfer and only impacts a phone’s external storage.
Still though, a complete wipe is possible if a hacker uses this ability to erase all of a device’s data and then resets the phone via system settings.
How to stay safe from Android malware
Even with all of these advanced capabilities, BingoMod actually still appears to be in an early development stage which means it could become even more dangerous later on. At the moment though, it is only being used to target Android phones owned by English, Romanian and Italian-speaking users.
Since BingoMod can bypass Android antivirus apps and evade detection, the only way to stay safe is by avoiding the malicious text messages used in this campaign altogether. If you do get an unsolicited message from someone you don’t know, you need to be very careful. Don’t click on any links it may contain and likewise, you shouldn’t respond to it either.
In a statement to Tom's Guide, a Google spokesperson explained that the search giant's built-in antivirus app Google Play Protect can help protect Android smartphones from this new malware threat, saying:
"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."
As BingoMod is still in active development, this likely isn't the last we've heard of this new Android malware. However, if you're extra careful online and avoid interacting with text messages from unknown senders, you can avoid having your bank accounts drained and your smartphone wiped by hackers.
More from Tom's Guide
Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.