A relatively new Android malware is rapidly spreading across the United States of America and Canada. The TangleBot virus uses some standard deception to lure victims into clicking a weaponized link loaded with the malicious payload.
A powerful malware for Android smartphones is gaining new ground using COVID alerts. These obviously fake alerts contain a simple link, which acquires, installs, and activates dangerous apps.
New malware lures victims in the U.S. with COVID-related SMS messages and asks them to click on a link to update Adobe Flash Player:
Mobile and email security company Cloudmark has confirmed that the TangleBot Android malware is actively targeting smartphone users in the United States and Canada. The tactics to deploy the virus are fairly standard and common, but its actions are very sinister.
If you are an Android user you need to be aware of a new malware known as “TangleBot”. The “clever and complicated” malware sends Android users an SMS, which instead installs a virus that takes over the phone functionalities. #ITSecurityEssentials #CyberSecurity #infosec pic.twitter.com/6aS3Cn3Xwx
— Pauline. (@kot_hacker) September 24, 2021
The TangleBot Android malware currently attempts to infect devices through a mass SMS messaging campaign. The messages claim either to have the latest COVID guidance for the victim’s area or to schedule a vaccine dose.
Needless to say, neither of the SMS messages is legitimate, but both contain a link. If a victim inadvertently clicks on the link, the malware asks to update ‘Adobe Flash Player’.
"TangleBot sends two types of messages laced with malware.
First is the message saying, "New regulations about COVID-19 in your region." Second is a message saying, "You have received the appointment for the 3rd dose (vaccine appo…https://t.co/Gs4FFDTzuK https://t.co/FDieVIEEbI
— Robin (@_QueenofStaves) September 24, 2021
TangleBot Android malware can perform several malicious actions on a smartphone to steal data, control apps and functions:
Ryan Kalember, the executive vice president of cybersecurity at Cloudmark’s parent company Proofpoint, has confirmed that the TangleBot malware is quite potent. It can spread its tentacles deep within the victim’s Android device.
“The TangleBot malware can do a ton of different things. It can access your microphone, it can access your camera, it can access SMS, it can access your call logs, your internet, [and] your GPS so it knows where you are.”
CBS News shares the story of a new form of #malware known as "TangleBot," discovered by our Cloudmark researchers, that's tricking #Android users with #COVID19 lures that will infect their cell phones. https://t.co/gI7Q9fhxdd
— joe sykora (@joeyfns) September 24, 2021
TangleBot reportedly grants itself privileges to access and control all of the above. The malware can even fool Android smartphone users by displaying a familiar-looking overlay screen.
The possibilities are endless with such a simple obfuscation technique. Victims could inadvertently give away their usernames and passwords. The malware can take stock of installed applications and interact with them, noted one of the researchers:
“The ability to detect installed apps, app interactions, and inject overlay screens is extremely problematic. As we have seen with FluBot, TangleBot can overlay banking or financial apps and directly steal the victim’s account credentials…. The capabilities also enable the theft of considerable personal information directly from the device.”
Researchers have discovered an especially nasty Android malware strain called TangleBot capable of stealing personal data, controlling apps, and more. https://t.co/y5lEw5STMM
— Adam Levin (@Adam_K_Levin) September 24, 2021
Despite the serious security and privacy threat, simple practices can defeat the TangleBot Android malware. Do not click on any links in an SMS. Download apps from reputable and trusted sources.
Incidentally, the Android operating system does have several warnings that can alert users. If a link looks suspicious, do not proceed.