BleepingComputer reports that the novel BingoMod Android malware uses on-device fraud to drain funds from victims' bank accounts and then wipes the data on the targeted devices.
Threat actors deployed BingoMod through smishing campaigns, disguising it as mobile security tools such as APP Protection, AVG AntiVirus & Security, and WebSecurity. Once installed, the app requests Accessibility Services permissions before proceeding with credential theft, screenshot capture, and SMS message interception, according to an analysis from Cleafy.

The malware carries out on-device fraud by opening channels for receiving commands and delivering screenshots, with attackers also using a virtual network computing (VNC) mechanism to obtain real-time screen content, the researchers said. They also noted that BingoMod allows the operators to perform manual overlay attacks.

Further analysis found code-flattening and string-obfuscation layers in the malware, intended to keep it undetected, while its remote access capabilities can be used to erase all data and reset the device.