Having your bank accounts drained by hackers is bad enough but a new Android malware is taking things a step further by completely wiping your phone clean afterwards.
As reported by BleepingComputer, this new malware strain has been dubbed “BingoMod” by the security researchers at the online fraud management company Cleafy who first discovered it back in May of this year.
Like other dangerous malware, this one is designed to steal your hard-earned cash by accessing your financial accounts. However, BingoMod is capable of performing on-device fraud (ODF) which allows the hackers behind it to easily bypass anti-fraud systems.
If you have one of the best Android phones and don’t want to end up with an empty bank account and a completely wiped phone, here’s everything you need to know about this new malware strain and what to look out for to help you stay safe.
Committing on-device fraud
In their report on the matter, Cleafy’s researchers explain that the new BingoMod malware is currently being spread through phishing messages sent via text.
In order to get potential victims to open and interact with them, these malicious messages use a variety of names which closely resemble actual Android security software. For example, some of these phishing texts use the icon for AVG AntiVirus Free which is available on the Google Play Store.
When a potential victim does try to install one of these malicious apps, BingoMod asks for permissions for Android’s Accessibility Service which is often abused by mobile malware strains to gain even greater control over an infected smartphone.
From here, BingoMod steals login credentials, takes screenshots and intercepts any text messages sent to the now compromised Android device. However, in order to perform on-device fraud, it also establishes a socket-based channel to receive commands along with an HTTP-based channel to send screenshots back to the hackers behind this malware.
By obtaining real-time screen content from an infected device, it’s much easier for the hackers using BingoMod to bypass anti-fraud systems that use identity verification and authentication, since they are using a victim’s actual smartphone and not just their credentials. In fact, the malware gives cybercriminals a great deal of control over an infected Android phone: they can click on a particular area, write text anywhere they want and launch apps.
At the same time, BingoMod also allows hackers to launch manual overlay attacks by using fake notifications. Finally, to make matters worse, a smartphone infected with BingoMod can use text messages to spread onto other vulnerable phones.
Bypassing antivirus apps and wiping phones clean
If all that wasn’t scary enough, BingoMod can also remove the best Android antivirus apps from an infected smartphone as well as block the activity of any apps the hackers behind this malware specify in a command.
To help it evade detection, BingoMod’s creators have added code-flattening and string obfuscation layers. Even the popular malware analysis service VirusTotal couldn’t detect this new Android malware.
As for wiping an infected phone clean, if the malware is registered on the device as a device admin app, a hacker can send a remote command to wipe its system. However, Cleafy’s researchers point out in their report that this is only done after a successful transfer and only impacts a phone’s external storage.
Still though, a complete wipe is possible if a hacker uses this ability to erase all of a device’s data and then resets the phone via system settings.
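For readers who manage Android devices, here is an added example (not from Cleafy's report or the original article) of checking for the two privileges described above: Accessibility Service access and device admin registration held by an app that was not installed from Google Play. It assumes the inputs were collected over adb with `settings get secure enabled_accessibility_services` and `pm list packages -3 -i`, and that the device admin components were copied out of `dumpsys device_policy` by hand; all package names in the sample data are invented.

```python
import re

# Assumption: only Google Play counts as a trusted installer; add your MDM store if needed.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_components(raw):
    """Return package names from a ':' or whitespace separated list of pkg/class components."""
    raw = raw.strip()
    if not raw or raw == "null":          # `settings get` prints "null" when nothing is set
        return set()
    return {c.split("/", 1)[0] for c in re.split(r"[:\s]+", raw) if c}

def parse_installers(pm_output):
    """Map third-party package -> installer from `pm list packages -3 -i` output."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def audit(accessibility_raw, admins_raw, pm_output):
    """Flag sideloaded apps that hold Accessibility Service and/or device admin rights."""
    a11y, admins = parse_components(accessibility_raw), parse_components(admins_raw)
    installers = parse_installers(pm_output)
    findings = []
    for pkg in sorted(a11y | admins):
        if pkg not in installers:         # not in the -3 list: preinstalled system app
            continue
        if installers[pkg] in TRUSTED_INSTALLERS:
            continue
        both = pkg in a11y and pkg in admins
        findings.append({"package": pkg, "installer": installers[pkg],
                         "accessibility": pkg in a11y, "device_admin": pkg in admins,
                         "severity": "high" if both else "review"})
    return findings

# Constructed sample data (package names are invented, not taken from the Cleafy report).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.freeav/.GuardService")
SAMPLE_ADMINS = "com.example.freeav/.AdminReceiver\ncom.example.mdmagent/.Receiver"
SAMPLE_PM = """package:com.example.freeav  installer=null
package:com.example.mdmagent  installer=com.android.vending
package:com.example.notes  installer=com.android.vending"""

if __name__ == "__main__":
    for f in audit(SAMPLE_A11Y, SAMPLE_ADMINS, SAMPLE_PM):
        print(f)
```

A sideloaded app that holds both privileges is marked `high`; one that holds only one of them is marked `review`, since legitimate sideloaded tools can also request Accessibility access.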
How to stay safe from Android malware
Even with all of these advanced capabilities, BingoMod actually still appears to be in an early development stage which means it could become even more dangerous later on. At the moment though, it is only being used to target Android phones owned by English, Romanian and Italian-speaking users.
Since BingoMod can bypass Android antivirus apps and evade detection, the only way to stay safe is by avoiding the malicious text messages used in this campaign altogether. If you do get an unsolicited message from someone you don’t know, you need to be very careful. Don’t click on any links it may contain and likewise, you shouldn’t respond to it either.
Tom’s Guide has reached out to Google about whether or not Google Play Protect is able to defend against this latest Android threat and we will update this piece accordingly once we hear back from the search giant.