
Scary Android malware steals your money then wipes your device

Published Jul 31st, 2024 6:34PM EDT


A new Android malware currently making the rounds is about as terrifying as any we’ve seen in recent months. Researchers from Cleafy Labs say that in May they analyzed a previously undiscovered Android remote administration tool (RAT), which they later dubbed BingoMod. The goal of the malware is to initiate money transfers on Android devices, but BingoMod has one more trick up its sleeve: It can wipe all your data once it’s done.

BingoMod works similarly to other Android malware families we have covered recently. First, the victim is tricked into installing a malicious app posing as legitimate antivirus software. Following the installation, BingoMod prompts the user to give the app access to Accessibility Services. If the user does so, the APK unpacks itself and executes its malicious payload.

After that, BingoMod begins running in the background and attempting to steal user credentials by using keylogging and SMS interception. Once the hackers have the data they need, they can take over a device and begin initiating money transfers.

In order to protect itself, BingoMod makes it difficult to edit system settings on the user’s device, blocks the activity of specific apps, and even uninstalls other apps if necessary.

But, as Cleafy explains, BingoMod has another surefire way to avoid detection:

“BingoMod’s most notable security measure is its ability to wipe the device remotely with a dedicated command. This feature can be implemented by BingoMod when it is a device administrator and is typically executed after a successful fraud.

“However, this functionality is limited to the device’s external storage only, so we speculate that the complete wipe is performed by [threat actors] directly from the device’s system settings, leveraging BingoMod’s remote access capabilities.”

While Cleafy researchers admit that BingoMod isn’t as sophisticated as other infamous Android trojans, such as the banking malware SharkBot, they still warn that BingoMod “poses significant risks to end-users and financial institutions due to the potential for substantial economic loss and the disruption of personal data security.”
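
A defender-side triage for the combination described above (an app installed from outside Google Play that holds an Accessibility Service, device-administrator rights, or both), as an added example that is not from Cleafy or the original article. The function names, the trusted-installer list and the sample data are assumptions; the inputs are the text returned by `settings get secure enabled_accessibility_services` and `pm list packages -i` over adb, plus the active device-admin component names supplied as a list.

```python
import re

# Assumption: only Google Play counts as a trusted install source.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(settings_value):
    """Package names from the colon-separated component list of enabled accessibility services."""
    value = settings_value.strip()
    if value in ("", "null"):          # nothing enabled
        return set()
    return {c.split("/", 1)[0] for c in value.split(":") if "/" in c}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -i` lines."""
    installers = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def triage(accessibility_value, admin_components, pm_output):
    """Return (package, installer, privileges) for privileged apps not installed from a trusted source."""
    a11y = parse_accessibility(accessibility_value)
    admins = {c.split("/", 1)[0] for c in admin_components}
    installers = parse_installers(pm_output)
    findings = []
    for pkg in a11y | admins:
        installer = installers.get(pkg, "null")
        if installer in TRUSTED_INSTALLERS:
            continue
        privileges = [name for name, group in
                      (("accessibility-service", a11y), ("device-admin", admins)) if pkg in group]
        findings.append((pkg, installer, privileges))
    # Apps holding both privileges are listed first.
    return sorted(findings, key=lambda f: (-len(f[2]), f[0]))

# Constructed sample data (not taken from a real device or from the Cleafy report).
SAMPLE_A11Y = ("com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
               "com.example.freeantivirus/com.example.freeantivirus.HelperService")
SAMPLE_ADMINS = ["com.example.freeantivirus/.AdminReceiver",
                 "com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver"]
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.freeantivirus  installer=null
package:com.google.android.gms  installer=com.android.vending
package:com.example.notes  installer=null"""

if __name__ == "__main__":
    for pkg, installer, privileges in triage(SAMPLE_A11Y, SAMPLE_ADMINS, SAMPLE_PM):
        print(f"{pkg} (installer={installer}): {', '.join(privileges)}")
```

Preinstalled system apps can also report no installer, so each finding is a lead to review rather than a verdict.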

UPDATE | August 2: A Google spokesperson reached out with the following statement: “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

Jacob Siegal, Associate Editor

Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.