Bingomod

Malware updated 12 days ago (2024-11-11T15:01:33.887Z)
BingoMod is a type of malware that targets banking customers through a manual approach, which requires less technical skill and helps to bypass banks' behavioral detection defenses. Similar to other banking trojans like Medusa, ToxicPanda, and Copybara, this stripped-down method gives threat actors the advantage of not needing highly skilled developers and allows them to victimize a broader range of banking customers. It also circumvents many cybersecurity protections used by financial services and banks.

BingoMod was designed to initiate money transfers from compromised devices via Account Takeover (ATO) using a technique known as On Device Fraud (ODF). The malware was observed targeting devices using English, Romanian, and Italian languages, with comments in the code suggesting the authors may be Romanian.

Once installed on a victim's device, BingoMod leverages various permissions, including Accessibility Services, to quietly steal sensitive information such as credentials, SMS messages, and current account balances. It shows relatively straightforward functionalities commonly found in most contemporary Remote Access Trojans (RATs), such as HiddenVNC for remote control and SMS suppression to intercept and manipulate communication. Furthermore, BingoMod can disable security solutions or block specific apps.

After installation, BingoMod prompts users to activate Accessibility Services under the guise of necessary app functionality. Once activated, it uses keylogging and SMS interception to steal sensitive information like login credentials and transaction authentication numbers.

The malware belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct ATO directly from the infected device, exploiting the ODF technique. Despite its effectiveness, the emphasis on obfuscation and unpacking techniques suggests that the developers may lack the sophistication or experience of more advanced malware authors.
Description last updated: 2024-11-11T14:42:05.588Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Android
Banking
Associated Malware
Alias Description | Association Type | Votes
The malware Copybara is associated with Bingomod. | Unspecified | 2
Associated Threat Actors
Alias Description | Association Type | Votes
The Medusa Threat Actor is associated with Bingomod. Medusa, a threat actor group known for its malicious activities, has been increasingly involved in multiple high-profile cyber attacks. In November 2023, Medusa and other groups like LockBit and ALPHV (BlackCat) exploited a zero-day vulnerability, the Citrix Bleed (CVE-2023-4966), leading to numerou | Unspecified | 2
Source Document References
Information about the Bingomod Malware was read from the documents corpus below.