Back

BingoMod: The new android RAT that steals money and wipes data

Aug. 2, 2024, 9:03 a.m.

Tags

rat
android
fraud
banking
2024-08-02
bingomod

External References

https://www.cleafy.com/

https://otx.alienvault.com/

Description

In late May 2024, a new Android Remote Access Trojan (RAT) named BingoMod emerged, aiming to initiate fraudulent money transfers from compromised devices using a technique called On-Device Fraud (ODF). After installation, BingoMod steals sensitive information, conducts overlay attacks, and provides remote control capabilities to threat actors. Once a successful fraud is completed, the infected device is typically wiped clean to hinder forensic investigations. BingoMod targets English, Romanian, and Italian users and employs obfuscation techniques to evade detection. While still in development, it exhibits capabilities similar to other banking trojans like Medusa and Copybara.

Date

Published Created Modified
Aug. 2, 2024, 8:46 a.m. Aug. 2, 2024, 8:46 a.m. Aug. 2, 2024, 9:03 a.m.

Indicators

2d560d4ff46e77ec363f902c61802b1b616b908f32b0bb687328db32ac4a9fac

103.155.92.11

101.99.92.10

Attack Patterns

BingoMod

T1519

T1527

T1537

T1491

T1518

Additional Informations

Italy

Romania