Heimdal

A new smishing (SMS phishing) malware that targets Android mobile users in the U.S. and Canada has been discovered by cybersecurity researchers.

The malicious campaign uses text message lures related to COVID-19 regulations and vaccine news to trick victims into clicking on a link that will infect their mobile devices.

Analysts at the mobile and email security company Cloudmark dubbed the malware TangleBot. According to them, hackers use this new malware in an attempt to steal confidential and banking information.

The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone.

Source 

Not only can the malware obtain private data, it can also overlay banking or financial apps and directly steal the victim’s account credentials.


How Does It Work?

The attacks start with text messages posing as COVID regulation notices and appointment confirmations for a third dose of the COVID vaccine, urging subscribers to click on the link in the message. A website then appears, informing the victim that their Adobe Flash Player is out of date and needs to be updated.

As soon as the user decides to “update” the software, the TangleBot malware gets installed on the Android device.

What Happens Next?

Following the fake update, the TangleBot malware can access and manage functions such as contacts, SMS and phone capabilities, call logs, internet, camera, microphone, and the location service. The hackers can then:

  • intercept phone calls;
  • send and receive text messages;
  • record the camera, screen, or microphone audio or stream them directly to the cybercriminals;
  • implement other device observation capabilities.

Source

What Can Users Do?

Cloudmark advises users to pay attention to suspicious messages and think twice before providing their mobile phone numbers to companies.

If users receive an SMS from a company that includes a web link, they shouldn’t click on the link provided in the text message. Instead, they should use their device’s browser to access the firm’s website directly.

Users are also advised to report any SMS phishing or spam attempt and to avoid installing software from outside a certified app store provided by the vendor or Mobile Network Operator.
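
A defender-side check built on the capability list and the sideloading advice above, added here as an example and not taken from Cloudmark or the original article: it flags apps that were not installed by a trusted store and that request permissions across many of the named capability groups. The permission mapping, the `min_caps` threshold, and the package names are assumptions.

```python
# Assumption: this mapping from the article's capability names to Android
# permission strings is illustrative; the article does not list TangleBot's manifest.
P = "android.permission."
CAPABILITY_PERMS = {
    "contacts": {P + "READ_CONTACTS", P + "WRITE_CONTACTS"},
    "sms": {P + "READ_SMS", P + "SEND_SMS", P + "RECEIVE_SMS"},
    "phone": {P + "CALL_PHONE", P + "READ_PHONE_STATE"},
    "call_logs": {P + "READ_CALL_LOG"},
    "internet": {P + "INTERNET"},
    "camera": {P + "CAMERA"},
    "microphone": {P + "RECORD_AUDIO"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play; extend per fleet

def capabilities(permissions):
    """Return the capability groups that a list of permissions touches."""
    held = set(permissions)
    return {cap for cap, perms in CAPABILITY_PERMS.items() if held & perms}

def triage(inventory, min_caps=6):
    """Flag apps not installed by a trusted store that span >= min_caps groups."""
    findings = []
    for app in inventory:
        caps = capabilities(app.get("permissions", []))
        sideloaded = app.get("installer") not in TRUSTED_INSTALLERS
        if sideloaded and len(caps) >= min_caps:
            findings.append({"package": app["package"],
                             "capabilities": sorted(caps),
                             "can_overlay": "overlay" in caps})
    return findings

# Constructed sample inventory with hypothetical package names.
ALL_PERMS = sorted(p for perms in CAPABILITY_PERMS.values() for p in perms)
SAMPLE = [
    {"package": "com.example.flashupdate", "installer": None, "permissions": ALL_PERMS},
    {"package": "com.example.messenger", "installer": "com.android.vending",
     "permissions": ALL_PERMS},
    {"package": "com.example.notes", "installer": None, "permissions": [P + "INTERNET"]},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The inventory format (package, installer, permissions) is what an MDM export or a per-device package listing would need to be normalized into before running the check.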

Author Profile

Antonia Din

PR & Video Content Manager
