Android malware rapidly spreading through SMS messages: TangleBot creators sending fake COVID alerts with weaponized links

The TangleBot Android malware is nasty. Pic credit: Christiaan Colen/Flickr

A relatively new Android malware is rapidly spreading across the United States of America and Canada. The TangleBot virus uses some standard deception to lure victims into clicking a weaponized link loaded with the malicious payload.

A powerful malware for Android smartphones is gaining new ground using COVID alerts. These obviously fake alerts contain a simple link that acquires, installs, and activates dangerous apps.

New malware lures victims in the U.S. with COVID-related SMS messages and asks them to click on a link to update Adobe Flash Player:

Mobile and email security company Cloudmark has confirmed that the TangleBot Android malware is actively targeting smartphone users in the United States and Canada. The tactics to deploy the virus are fairly standard and common, but its actions are very sinister.

The TangleBot Android malware currently attempts to infect devices by running a mass messaging campaign over SMS. The messages either claim to have the latest COVID guidance for the victim’s area or claim to schedule a vaccine dose.

Needless to mention, neither of the SMS messages is legitimate, but both contain a link. If a victim inadvertently clicks on the link, the malware asks to update ‘Adobe Flash Player’.

It is important to note that there is no Adobe Flash Player anymore: the platform is officially dead, killed by its parent company. The “update” will, however, download the TangleBot malware.

TangleBot Android malware can perform several malicious actions on a smartphone to steal data, control apps and functions:

Ryan Kalember, the executive vice president of cybersecurity at Cloudmark’s parent company ProofPoint, has confirmed that the TangleBot malware is quite potent. It can spread its tentacles deep within the victim’s Android device.

“The TangleBot malware can do a ton of different things. It can access your microphone, it can access your camera, it can access SMS, it can access your call logs, your internet, [and] your GPS so it knows where you are.”

TangleBot reportedly grants itself privileges to access and control all of the above. The malware can even fool Android smartphone users by splashing a familiar overlay screen.

The possibilities are endless with such a simple obfuscation technique. Victims could inadvertently give away their usernames and passwords. The malware can take stock of installed applications and interact with them, noted one of the researchers:

“The ability to detect installed apps, app interactions, and inject overlay screens is extremely problematic. As we have seen with FluBot, TangleBot can overlay banking or financial apps and directly steal the victim’s account credentials…. The capabilities also enable the theft of considerable personal information directly from the device.”

Despite the serious security and privacy threat, simple practices can defeat the TangleBot Android malware. Do not click on any links in an SMS. Download apps only from reputable and trusted sources.

Incidentally, the Android operating system does have several warnings that can alert users. If suspicious about a link, do not proceed.
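
For defenders triaging a sideloaded “update”, the capability list above can be turned into a manifest check. The following is an added example, not code from Cloudmark or the original article: it reads a decoded AndroidManifest.xml (text form, such as apktool produces) and reports which of the capabilities named in the article the app requests. The permission mapping, the flagging policy, the `make_manifest` helper, and the sample package names are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Capabilities the article lists, mapped to standard Android permissions.
# The mapping is this example's assumption, not a published TangleBot list.
CAPABILITIES = {
    "microphone": {P + "RECORD_AUDIO"},
    "camera": {P + "CAMERA"},
    "sms": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "call_log": {P + "READ_CALL_LOG"},
    "internet": {P + "INTERNET"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "overlay": {P + "SYSTEM_ALERT_WINDOW"},
}

def audit_manifest(manifest_xml, threshold=5):
    """Return (matched capabilities, accessibility service?, flagged?)."""
    root = ET.fromstring(manifest_xml)
    requested = {el.get(NS + "name") for el in root.iter("uses-permission")}
    matched = sorted(c for c, perms in CAPABILITIES.items() if perms & requested)
    # An accessibility service can read and act on other apps' screens, so
    # it is reported separately from the overlay permission.
    accessibility = any(
        svc.get(NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
        for svc in root.iter("service"))
    # Hypothetical policy: flag a broad capability grab, or SMS access
    # combined with an accessibility service.
    flagged = len(matched) >= threshold or (accessibility and "sms" in matched)
    return matched, accessibility, flagged

def make_manifest(package, permissions, accessibility_service=False):
    """Build a constructed, decoded-style AndroidManifest.xml for the demo."""
    uses = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in permissions)
    svc = (f'<service android:name=".Helper" android:permission='
           f'"{P}BIND_ACCESSIBILITY_SERVICE"/>') if accessibility_service else ""
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application>{svc}</application></manifest>')

# Constructed samples: a fake "Flash update" and an ordinary flashlight app.
FAKE_UPDATE = make_manifest("com.example.flashupdate",
    ["RECORD_AUDIO", "CAMERA", "READ_SMS", "READ_CALL_LOG", "INTERNET",
     "ACCESS_FINE_LOCATION", "SYSTEM_ALERT_WINDOW"], accessibility_service=True)
FLASHLIGHT = make_manifest("com.example.flashlight", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for name, xml in (("fake update", FAKE_UPDATE), ("flashlight", FLASHLIGHT)):
        print(name, audit_manifest(xml))
```

A flagged result is a reason to inspect the app further, not proof of infection: legitimate messaging or navigation apps can request several of these permissions.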
