
New malware can steal your money and factory reset your Android


[Update: This article was updated to include a comment from a Google Spokesperson about the Android SMS phishing scam.]

There’s a new malware targeting Android devices via SMS phishing. The malware, known as BingoMod, is still in development. However, its potential capabilities range from stealing money to factory resetting the devices of those who allow its installation.

BleepingComputer, a website specializing in cybersecurity, warned about the new malware. According to the report, BingoMod’s main method of propagation between Android devices is SMS phishing. The message is disguised as a mobile security tool and invites the user to download an app. Once installed, BingoMod even uses icons from popular security tools, such as Avast. It is also capable of using camouflage methods to hide from malware detection tools, so you will not receive alerts for suspicious activity.

BingoMod spreads across Android devices via SMS phishing; requests sensitive permissions

BingoMod asks the user for Accessibility Services permissions. If you’re not aware, this permission gives apps a high level of control over the device. Therefore, you should never grant it to any app if it’s not extremely trusted and absolutely necessary. If the user grants the Accessibility Services permission, the malware will be able to access credentials, take screenshots, and perform all sorts of actions via remote commands.

The Accessibility Services permission also allows it to enable screen-sharing requests. This way, the attacker will receive in real time everything that happens on your screen and can control it. As you can imagine, at this point, the attacker can do practically anything with your device. They could even use your phone as a node to spread the malware to all your contacts via SMS.

It can steal your money and wipe your device’s data

According to the source, BingoMod is capable of stealing up to 15,000 euros from the bank accounts of the affected user. Then, if the attacker wants, they can execute remote commands to trigger a factory reset on the device. This way, the malware could remove any trace of its activity and of where it sent the data. BingoMod is said to be at version 1.5.1, but in an early stage of development.

However, you can stay safe from these kinds of attacks by using common sense and some basic precautions. For example, never download anything or enter credentials into links received via SMS. Also, don’t accept the installation of any unknown app. And, of course, avoid granting sensitive permissions like Accessibility Services to suspicious apps.

Google’s response

A Google spokesperson responded with, “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”