BingoMod RAT, discovered by Cleafy, wipes devices post-fraudulent money transfers, making detection challenging and is attributed to Romanian-speaking threat actors.
The Android trojan leverages Remote Access (RAT) capabilities to perform Account Takeover (ATO) directly from infected devices, adopting the on-device fraud (ODF) technique.
It employs self-destruction much like BRATA to erase evidence of fraudulent transfers, though limited to external storage, with potential for initiating factory resets through remote access.
BingoMod masquerades as antivirus tools and Google Chrome updates, gaining accessibility permissions to execute malicious activities, intercept SMS, and steal sensitive data for exfiltration.
#bingomod-rat #android-malware #account-takeover #self-destruction-mechanism #romanian-speaking-threat-actors
Collection
[
|
...
]