A new warning has been issued to Android users after the discovery of a vicious new bug that can steal money and delete everything from phones.
It’s been a worrying week for Android users. Firstly, there was the news that Google had banned 5 popular apps after they were found to be hiding dangerous malware that could allow hackers to spy on those who had installed the software. Now there’s another worrying alert with security experts saying they have discovered a new bug that can be used to drain bank accounts of cash and then delete everything from devices.
The new attack – which has been named BingoMod – was spotted by the team at Cleafy with researchers confirming that, once installed, it can set about stealing all of your login information, snap screenshots remotely, and even read your text messages.
All of this personal data can then be used to hack into bank accounts where money can be stolen without you ever knowing. Once an attack has taken place, hackers can then factory reset infected devices in a bid to cover their tracks.
“The main goal of BingoMod is to initiate money transfers from the compromised devices via Account Takeover (ATO) using a well-known technique, called On Device Fraud (ODF),” Cleafy explained.
“It aims to bypass bank countermeasures used to enforce users’ identity verification and authentication, combined with behavioural detection techniques applied by banks to identify suspicious money transfers.
“After installation on the victim’s device, BingoMod leverages various permissions, including Accessibility Services, to quietly steal sensitive information, including credentials, SMS messages, and current account balances. After a successful fraudulent transfer, the infected device is typically wiped, removing any traces of BingoMod activity to hinder forensic investigations.”
It’s clearly worrying but it appears crooks are still in the early stages of developing this attack and users should be safe for now.
However, this is a good time to make sure your Android phone is protected and you only download apps from reputable places such as the Play Store.
It’s thought that BingoMod will be distributed via text messages with users told to download apps – such as mobile security products – and then hand over certain permissions after installation. If tricked, hackers can the set about spying and stealing data.
Generally speaking, if you only use trusted apps and services you shouldn’t need to use any kind of antivirus software on your Android phone. Just make sure that when you’re browsing the web using your browser app that you don’t visit harmful sites or click on dodgy links. If you do install antivirus, make doubly sure it is from a legitimate and trusted source.
