Tom’s Guide
Anthony Spadafora

Dangerous new Android malware drains your bank accounts and completely wipes your device — how to stay safe

Having your bank accounts drained by hackers is bad enough but a new Android malware is taking things a step further by completely wiping your phone clean afterwards.

As reported by BleepingComputer, this new malware strain has been dubbed “BingoMod” by the security researchers at the online fraud management company Cleafy who first discovered it back in May of this year.

Like other dangerous malware, this one is designed to steal your hard-earned cash by accessing your financial accounts. However, BingoMod is capable of performing on-device fraud (ODF) which allows the hackers behind it to easily bypass anti-fraud systems.

If you have one of the best Android phones and don’t want to end up with an empty bank account and a completely wiped phone, here’s everything you need to know about this new malware strain and what to look out for to help you stay safe.

Committing on-device fraud

In their report on the matter, Cleafy’s researchers explain that the new BingoMod malware is currently being spread through phishing messages sent via text. 

In order to get potential victims to open and interact with them, these malicious messages use a variety of names which closely resemble actual Android security software. For example, some of these phishing texts use the icon for AVG AntiVirus Free which is available on the Google Play Store.

When a potential victim does try to install one of these malicious apps, BingoMod asks for permissions for Android’s Accessibility Service which is often abused by mobile malware strains to gain even greater control over an infected smartphone.

From here, BingoMod steals login credentials, takes screenshots and intercepts any text messages sent to the now compromised Android device. However, in order to perform on-device fraud, it also establishes a socket-based channel to receive commands along with an HTTP-based channel to send screenshots back to hackers behind this malware.

By obtaining real-time screen content from an infected device, it’s much easier for BingoMod to bypass anti-fraud systems that use identity verification and authentication since they are using a victim’s actual smartphone and not just their credentials. In fact, the malware actually gives cybercriminals a great deal of command over an infected Android phone; they can click on a particular area, write text anywhere they want and launch apps. 

At the same time, BingoMod also allows hackers to launch manual overlay attacks by using fake notifications. Finally, to make matters worse, a smartphone infected with BingoMod can use text messages to spread onto other vulnerable phones.

Bypassing antivirus apps and wiping phones clean

If all that wasn’t scary enough, BingoMod can also remove the best Android antivirus apps from an infected smartphone as well as block the activity of any apps the hackers behind this malware specify in a command.

To help it evade detection, BingoMod’s creators have added code-flattening and string obfuscation layers. Even the popular malware analysis service VirusTotal couldn’t detect this new Android malware.

As for wiping an infected phone clean, if the malware is registered on the device as a device admin app, a hacker can send a remote command to wipe its system. However, Cleafy’s researchers point out in their report that this is only done after a successful transfer and only impacts a phone’s external storage. 

Still though, a complete wipe is possible if a hacker uses this ability to erase all of a device’s data and then resets the phone via system settings.
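For anyone checking a phone from a computer, the two footholds described above (an enabled Accessibility service and device admin status) can be cross-referenced against where each app was installed from. The script below is an added example, not code from Cleafy or Tom's Guide; it parses text captured from three standard `adb shell` commands, and the sample output, the package name `com.example.fakeav` and the trusted-installer list are constructed assumptions.

```python
import re
# Assumption: only Google Play's installer is treated as a trusted source here.
TRUSTED_INSTALLERS = {"com.android.vending"}

def accessibility_packages(setting):
    """Packages in `adb shell settings get secure enabled_accessibility_services`
    (colon-separated package/service components; the string 'null' when unset)."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i`."""
    return dict(re.findall(r"package:(\S+)\s+installer=(\S+)", pm_output))

def device_admin_packages(dumpsys_output):
    """Packages on 'package/receiver:' lines of `adb shell dumpsys device_policy`
    (assumed layout; it differs between Android versions)."""
    return set(re.findall(r"^\s+([\w.]+)/[\w.$]+:\s*$", dumpsys_output, re.M))

def triage(setting, pm_output, dumpsys_output):
    """Report Accessibility holders that did not come from a trusted installer."""
    source = installers(pm_output)
    admins = device_admin_packages(dumpsys_output)
    findings = []
    for pkg in sorted(accessibility_packages(setting)):
        installer = source.get(pkg, "null")
        if installer not in TRUSTED_INSTALLERS:
            findings.append({"package": pkg, "installer": installer,
                             "device_admin": pkg in admins})
    return findings

# Constructed sample output; com.example.fakeav is a made-up package name.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/"
               "com.google.android.marvin.talkback.TalkBackService:"
               "com.example.fakeav/.GuardService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.fakeav  installer=null
package:com.android.chrome  installer=com.android.vending
"""
SAMPLE_DPM = """Enabled Device Admins (User 0, provisioningState: 3):
  com.example.fakeav/.AdminReceiver:
    uid=10231
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_A11Y, SAMPLE_PM, SAMPLE_DPM):
        print(finding)
```

Preinstalled system apps can also report no installer, so a flagged entry is a prompt to look closer rather than a verdict.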

How to stay safe from Android malware

Even with all of these advanced capabilities, BingoMod actually still appears to be in an early development stage which means it could become even more dangerous later on. At the moment though, it is only being used to target Android phones owned by English, Romanian and Italian-speaking users.

Since BingoMod can bypass Android antivirus apps and evade detection, the only way to stay safe is by avoiding the malicious text messages used in this campaign altogether. If you do get an unsolicited message from someone you don’t know, you need to be very careful. Don’t click on any links it may contain and likewise, you shouldn’t respond to it either.

In a statement to Tom's Guide, a Google spokesperson explained that the search giant's built-in antivirus app Google Play Protect can help protect Android smartphones from this new malware threat, saying:

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

As BingoMod is still in active development, this likely isn't the last we've heard of this new Android malware. However, if you're extra careful online and avoid interacting with text messages from unknown senders, you can avoid having your bank accounts drained and your smartphone wiped by hackers.
