Hi everyone,

I wanted to bring your attention to a dangerous new Android threat called BingoMod that has recently surfaced. This remote access trojan (RAT) is particularly nasty because it not only steals your sensitive information but also wipes your device clean after performing fraudulent transactions, making it difficult to trace.

How It Works:

  • Phishing SMS: BingoMod is spread through SMS messages posing as security apps.
  • Malicious Permissions: The app tricks users into granting Accessibility Services, allowing it to access and steal your personal data.
  • Device Wipe: After the malware accomplishes its goal, it wipes your device to cover its tracks.

How to Protect Yourself:

  1. Stick to Official App Stores: Only download apps from the Google Play Store. Avoid sideloading apps from unknown sources.
  2. Check Developer Information: Always review the developer’s credentials and app reviews. If anything looks suspicious, don’t install it.
  3. Restrict Permissions: Be wary of apps asking for unnecessary permissions, especially those requesting Accessibility Services.
  4. Avoid Clicking Links in SMS: Never click on links in unsolicited messages. Always use official app stores to download or update apps.
  5. Enable Google Play Protect: Make sure Google Play Protect is enabled to help detect and block malicious apps.

Google is working on enhancing security features with Android 15, including live threat detection. However, these proactive steps are crucial to protect your device until then.

All the best,

Stephen