TapTechNews, August 1st. In a blog post published yesterday (July 31st), the tech media outlet BleepingComputer reported on BingoMod, a new piece of malware spreading on the Android platform. After stealing the victim's bank funds, it can also restore the device to factory settings and erase the data that was on it.
Analysis by the security company Cleafy found that BingoMod is distributed mainly through SMS and, for phishing, poses as the following legitimate mobile security tools:
PPProtection
AntivirusCleanup
ChromeUpdate
InfoWeb
SicurezzaWeb
WebSecurity
WebsInfo
WebInfo
APKAppScudo
TapTechNews learned from the report that during installation BingoMod requests permission to use the accessibility service, which exposes advanced functions and gives an app extensive control over the device.
Once the user grants the permission, BingoMod steals all login credentials on the device, takes screenshots and intercepts SMS messages.
To carry out on-device fraud (ODF), the malware establishes a socket-based channel to receive commands and an HTTP-based channel to send screenshots, enabling almost real-time remote operation.
After the remote attacker has accessed the victim's bank account and stolen the funds, they can also use the remote access function to clear all data and reset the phone from the system settings.
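A defender-side triage check for the accessibility-service abuse described above, as an added example that is not from Cleafy's report or the original article: it flags third-party apps that hold an enabled accessibility service but were not installed from a trusted store. The adb output is constructed, and the package names and the trusted-installer set are assumptions.

```python
from __future__ import annotations
# Assumption: only Google Play counts as a trusted install source here.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Constructed value of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.websecurity/.HelperService"
    ":com.example.passwords/com.example.passwords.FillService"
)
# Constructed output of: adb shell pm list packages -3 -i  (third-party apps only)
SAMPLE_LISTING = """\
package:com.example.websecurity  installer=null
package:com.example.passwords  installer=com.android.vending
package:com.example.notes  installer=com.google.android.packageinstaller
"""

def parse_accessibility(setting: str) -> dict[str, list[str]]:
    """Map package -> enabled service classes from the colon-separated setting."""
    services: dict[str, list[str]] = {}
    for component in setting.strip().split(":"):
        if "/" in component:  # skips "", "null" and malformed entries
            pkg, cls = component.split("/", 1)
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(listing: str) -> dict[str, str | None]:
    """Parse 'package:<name>  installer=<source>' lines; None means no recorded source."""
    installers: dict[str, str | None] = {}
    for line in listing.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        source = next((f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")), None)
        installers[fields[0]] = None if source in (None, "null") else source
    return installers

def flag_sideloaded_accessibility(setting: str, listing: str):
    """Third-party apps with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(listing)
    return [
        (pkg, installers[pkg], classes)
        for pkg, classes in sorted(parse_accessibility(setting).items())
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    ]

if __name__ == "__main__":
    for finding in flag_sideloaded_accessibility(SAMPLE_SETTING, SAMPLE_LISTING):
        print("review:", finding)
```

Packages absent from the third-party listing are treated as system apps and skipped; a finding is a prompt for manual review, since legitimate sideloaded apps can also use accessibility services.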