In late May 2024, a new Android Remote Access Trojan (RAT) named BingoMod emerged, aiming to initiate fraudulent money transfers from compromised devices using a technique called On-Device Fraud (ODF). After installation, BingoMod steals sensitive information, conducts overlay attacks, and provides remote control capabilities to threat actors. Once a successful fraud is completed, the infected device is typically wiped clean to hinder forensic investigations. BingoMod targets English, Romanian, and Italian users and employs obfuscation techniques to evade detection. While still in development, it exhibits capabilities similar to other banking trojans like Medusa and Copybara. Author: AlienVault
Related Tags:
T1519
T1527
T1491
T1537
fraud
Banking
Italy
T1518
RAT
Associated Indicators:
D824EB2AD1BDA5AD11DE4D1FDF224AE8348CAEB4
B4156EF9761F51DBAC2D1104946DD3A8
BDBEC1C7C816B61B4EF9C76804D18F47
75BEE41937B00AB466D31BD9E7193B02
516AB57114F204EB24E690F56B9699C1
2788E87B8760EBDEC67BCE21899893D2
41D1D5E16DF294A24E36FD735076EF93
802624F4D0169E949BF40B613824D967
03B486CC13618D806A79D794BA138B43