Dangerous Android Malware Leaks Bank Accounts and Completely Erases Devices - How to Stay Safe?

While simply having funds withdrawn from your bank account by hackers is bad enough, new Android malware takes things a step further by subsequently erasing your phone entirely.

As reported by BleepingComputer, the new malware was dubbed "BingoMod" by security researchers at online fraud management firm Cleafy.

Like other dangerous malware, it aims to access financial accounts and steal hard-earned cash. However, BingoMod is capable of on-device fraud (ODF), which allows the hackers behind it to easily bypass fraud prevention systems.

If you have one of the best Android phones and don't want to have an empty bank account and a completely erased phone, here is everything you need to know about this new malware strain and what to watch out for to keep you safe.

In their report on the matter, Cleafy researchers explain that the new BingoMod malware is currently being spread through phishing messages sent via text.

To entice potential victims to open and interact with them, these malicious messages use various names that closely resemble actual Android security software. For example, some of them use the icon of AVG AntiVirus Free, which is available in the Google Play store.

When a potential victim attempts to install one of these malicious apps, BingoMod will request access to Android's accessibility services, which are often exploited by mobile malware strains to gain even greater control over infected smartphones.
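Because the accessibility grant is the step that hands over control, it is worth auditing on a device you manage. The following is an added example, not code from Cleafy's report or this article: it parses the output of two standard adb commands and lists third-party apps that hold an enabled accessibility service but were not installed by Google Play. The trusted-installer list and the `com.example.*` sample package names are assumptions made for illustration.

```python
"""Triage: third-party apps holding an enabled accessibility service.

Feed it the text output of two standard commands:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -3 -i      (-3 = third-party apps only)
"""

# Assumption: only Google Play counts as a trusted installer; adjust per fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}


def parse_accessibility(raw):
    """Packages that own an enabled accessibility service."""
    raw = raw.strip()
    if not raw or raw == "null":  # "null": the setting was never written
        return set()
    # Colon-separated components, each of the form "package/ServiceClass".
    return {c.split("/", 1)[0] for c in raw.split(":") if c}


def parse_installers(raw):
    """Map third-party package -> installer (None if sideloaded/unknown)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        pkg = fields[0][len("package:"):]
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = value if value not in ("", "null") else None
        if pkg:
            installers[pkg] = installer
    return installers


def suspicious_accessibility_apps(a11y_raw, packages_raw):
    """Third-party accessibility holders not installed by a trusted store."""
    installers = parse_installers(packages_raw)
    return sorted(p for p in parse_accessibility(a11y_raw)
                  if p in installers and installers[p] not in TRUSTED_INSTALLERS)


# Constructed sample output; the com.example.* names are made up.
SAMPLE_A11Y = ("com.google.android.marvin.talkback/.TalkBackService:"
               "com.example.fakeav/com.example.fakeav.HelperService")
SAMPLE_PACKAGES = ("package:com.example.fakeav  installer=null\n"
                   "package:com.example.notes  installer=com.android.vending\n")
```

A hit is a prompt to look closer, not a verdict: legitimately sideloaded accessibility tools will also appear in the list.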

From here, BingoMod steals login credentials, takes screenshots, and intercepts text messages sent to infected Android devices. It also establishes a socket-based channel to receive commands, along with an HTTP-based channel to send screenshots back to the hacker behind this malware in order to commit fraud on the device.

By retrieving real-time screen content from the infected device, BingoMod makes it much easier to bypass fraud prevention systems that use identity verification and authentication, since it uses the victim's actual smartphone, not just their credentials. In fact, the malware allows cybercriminals to manipulate infected Android phones at will. They can click on certain areas, write text anywhere they want, and launch apps.

At the same time, BingoMod also allows hackers to launch manual overlay attacks with fake notifications. Finally, and even worse, BingoMod-infected smartphones can spread the malware to other vulnerable phones via text messages.

BingoMod can also remove the best Android antivirus apps from infected smartphones and block the activity of apps specified on command by the hackers behind this malware.

To avoid detection, BingoMod's creators added code flattening and string obfuscation layers. Even VirusTotal, a popular malware analysis service, failed to detect this new Android malware.

BingoMod can also wipe an infected phone: if the malware is registered on the device as a device management app, hackers can send remote commands to wipe the system. However, Cleafy researchers point out in their report that this is only done after a successful transfer and only affects the phone's external storage.

Still, complete erasure is possible if a hacker uses this feature to erase all data on the device and resets the phone through system settings.

Even with such advanced features, BingoMod appears to still be in its early development stages. At the moment, it is only being used to target Android phones owned by English, Romanian, and Italian-speaking users.

Since BingoMod is able to bypass Android anti-virus apps and evade detection, the only way to stay safe is to completely avoid the malicious text messages used in this campaign. If you do receive an unsolicited message from someone you don't know, be extremely careful. Do not click on the link and do not reply.

In a statement to Tom's Guide, a Google spokesperson explained that the search giant's built-in antivirus app Google Play Protect helps protect Android smartphones from this new malware threat, stating:

"Android users are automatically protected from known versions of this malware by Google Play Protect, which is turned on by default on Android devices with the Google Play service. Google Play Protect is a malicious apps that are known to behave in a malicious manner, and can warn or block users."

This will not be the last we hear of this new Android malware, as BingoMod is still actively being developed. However, if one is very careful online and avoids interacting with text messages from unknown senders, one can avoid having one's bank account drained or smartphone erased by hackers.
