BingoMod is a type of malware that targets banking customers through a manual approach, which requires less technical skill and helps to bypass banks' behavioral detection defenses. As with other banking trojans such as Medusa, ToxicPanda, and Copybara, this stripped-down method means threat actors do not need highly skilled developers and can victimize a broader range of banking customers. It also circumvents many cybersecurity protections used by financial services and banks. BingoMod was designed to initiate money transfers from compromised devices via Account Takeover (ATO) using a technique known as On Device Fraud (ODF).
The malware was observed targeting devices using the English, Romanian, and Italian languages, with comments in the code suggesting the authors may be Romanian. Once installed on a victim's device, BingoMod leverages various permissions, including Accessibility Services, to quietly steal sensitive information such as credentials, SMS messages, and current account balances. Its functionality is relatively straightforward and common to most contemporary Remote Access Trojans (RATs), such as HiddenVNC for remote control and SMS suppression to intercept and manipulate communication. Furthermore, BingoMod can disable security solutions or block specific apps.
After installation, BingoMod prompts users to activate Accessibility Services under the guise of necessary app functionality. Once activated, it uses keylogging and SMS interception to steal sensitive information like login credentials and transaction authentication numbers. The malware belongs to the modern RAT generation of mobile malware, as its remote access capabilities allow threat actors to conduct ATO directly from the infected device, exploiting the ODF technique. Despite its effectiveness, the emphasis on obfuscation and unpacking techniques suggests that the developers may lack the sophistication or experience of more advanced malware authors.
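For app-vetting or MDM triage, the combination described above (an accessibility service plus SMS access) can be checked in a decoded AndroidManifest.xml. The following is an added example, not code from the BingoMod analysis: the manifest is constructed, the function names are hypothetical, and the check is a generic review heuristic for this permission combination, not a BingoMod signature.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
A11Y_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"
SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
SMS_ACTION = "android.provider.Telephony.SMS_RECEIVED"

# Constructed sample manifest (decoded XML form), not taken from any real app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.constructed">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name=".SmsReceiver">
      <intent-filter android:priority="999">
        <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return (kind, details) findings for accessibility and SMS declarations."""
    root = ET.fromstring(xml_text)
    findings = []
    # Services that only the system accessibility framework may bind to.
    a11y = [s.get(ANDROID + "name") for s in root.iter("service")
            if s.get(ANDROID + "permission") == A11Y_BIND]
    if a11y:
        findings.append(("accessibility_service", a11y))
    perms = {p.get(ANDROID + "name") for p in root.iter("uses-permission")}
    if perms & SMS_PERMS:
        findings.append(("sms_permissions", sorted(perms & SMS_PERMS)))
    # Broadcast receivers registered for incoming SMS, with declared priority.
    for rcv in root.iter("receiver"):
        for flt in rcv.iter("intent-filter"):
            actions = {a.get(ANDROID + "name") for a in flt.iter("action")}
            if SMS_ACTION in actions:
                findings.append(("sms_receiver", [rcv.get(ANDROID + "name"),
                                                  flt.get(ANDROID + "priority")]))
    return findings

def needs_review(xml_text):
    """True when an accessibility service is declared alongside SMS access."""
    kinds = {kind for kind, _ in triage_manifest(xml_text)}
    return "accessibility_service" in kinds and bool(
        kinds & {"sms_permissions", "sms_receiver"})
```

Legitimate apps also declare these components, so a hit is a reason for manual review rather than a verdict.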
Description last updated: 2024-11-11T14:42:05.588Z