Cybersecurity experts have come across an Android remote access trojan (RAT) known as BingoMod, sparking concerns within the mobile security realm. This harmful software not only conducts money transfers from compromised devices but also takes an extra step by wiping the devices clean to cover its tracks and impede forensic investigations.
Cleafy, a cybersecurity firm that initially spotted BingoMod in May 2024, suspects that the malware is still being actively developed. By examining Romanian-language clues in the source code of versions of the malware, researchers have linked this Android trojan to a Romanian-speaking threat actor.
BingoMod’s Unique Features and Capabilities
What makes BingoMod stand out from Android banking trojans is its use of the on-device fraud (ODF) method. This technique enables cybercriminals to hijack accounts from the compromised device itself. With its remote access features, BingoMod poses a threat in the realm of mobile malware.
To initiate money transfers, BingoMod establishes a socket-based connection to its command and control (C2) infrastructure. Over this connection it can receive up to 40 commands, empowering the malware to capture screenshots, interact with the device in real time, and even uninstall specific apps to avoid detection. The ODF method used by BingoMod relies on an operator to execute the fraud, enabling transactions of up to €15,000 (~$16,100) per operation.