Security researchers at Proofpoint company Cloudmark have discovered a new strain of mobile malware spread via SMS that cybercriminals are using to target users in the US and Canada with COVID-19 lures.
The malware has been dubbed TangleBot because of its multiple levels of obfuscation and its ability to take control of many entangled device functions, including contacts, SMS and phone capabilities, call logs, Internet access, camera and microphone.
Like the FluBot malware, which remains a threat in Europe and the UK, TangleBot tricks mobile users into downloading malicious software by sending fake COVID-19 warning notifications. While some of the text messages used in the campaign contain information about the rules, others provide details on vaccine booster shots.
As is the case with many phishing campaigns, these messages create a sense of urgency, as users want to know how COVID regulations have changed in their area or how to better protect themselves against new variants of COVID, or may be interested in the COVID-19 vaccine booster shot.
If a user clicks on a link in one of the campaign's text messages, a website informs them that Adobe Flash Player is out of date and should be updated. After they click through the dialog box that follows, the TangleBot malware is installed on their Android smartphone.
Once installed, TangleBot is granted privileges to access and control the device functions mentioned above. With this access, an attacker can make and block phone calls; send, receive and process text messages; record using the device's camera or microphone; record its screen; overlay screens on the device to cover legitimate apps; and apply other device-observation capabilities, according to a blog post from Cloudmark.
As the company's researchers saw with FluBot, TangleBot can overlay banking or financial apps and directly steal a victim's account credentials. However, an attacker can also use the victim's device to send messages to other mobile devices to spread the malware even further. Even if a user finds out that TangleBot is installed on their device and removes it, the attacker may not use the stolen information for some time, leaving the victim oblivious to the fact that their account credentials have been stolen.
To avoid falling prey to TangleBot and other mobile malware, Cloudmark recommends that users be on the lookout for suspicious text messages from unknown senders and avoid clicking on any links contained in these messages. Users should also avoid installing apps from sources other than the Google Play Store or other official app stores.
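The following added example (not code from the article or from Cloudmark) shows how a defender could flag apps installed from outside an official store that request most of the device functions listed above. The permission mapping, the threshold of five capability groups, the inventory format and the package names are assumptions made for this example.

```python
PREFIX = "android.permission."
# Device functions named in the article -> Android permissions. The mapping is
# this example's assumption, not Cloudmark's. INTERNET is left out because
# almost every app requests it.
CAPABILITY_PERMISSIONS = {
    "contacts": {"READ_CONTACTS"},
    "sms": {"SEND_SMS", "RECEIVE_SMS", "READ_SMS"},
    "phone": {"CALL_PHONE"},
    "call_logs": {"READ_CALL_LOG"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
    "overlay": {"SYSTEM_ALERT_WINDOW"},
}
# Installer packages treated as official stores (assumption; extend as needed).
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store


def capabilities_requested(permissions):
    """Return the sorted capability groups touched by an app's permissions."""
    short = {p[len(PREFIX):] for p in permissions if p.startswith(PREFIX)}
    return sorted(c for c, names in CAPABILITY_PERMISSIONS.items() if short & names)


def audit(inventory, threshold=5):
    """Flag apps from untrusted installers that request >= threshold groups."""
    findings = []
    for app in inventory:
        caps = capabilities_requested(app["permissions"])
        if app.get("installer") not in TRUSTED_INSTALLERS and len(caps) >= threshold:
            findings.append({"package": app["package"], "capabilities": caps})
    return findings


def perms(*names):
    """Expand short permission names into full Android permission strings."""
    return [PREFIX + n for n in names]


# Constructed inventory with hypothetical package names.
SAMPLE_INVENTORY = [
    {"package": "com.example.dialer", "installer": "com.android.vending",
     "permissions": perms("READ_CONTACTS", "CALL_PHONE", "READ_CALL_LOG",
                          "SEND_SMS", "RECORD_AUDIO", "CAMERA")},
    {"package": "com.example.game", "installer": None,
     "permissions": perms("INTERNET", "CAMERA")},
    {"package": "com.example.flashupdate", "installer": None,
     "permissions": perms("INTERNET", "READ_CONTACTS", "READ_SMS", "SEND_SMS",
                          "CALL_PHONE", "READ_CALL_LOG", "CAMERA",
                          "RECORD_AUDIO", "SYSTEM_ALERT_WINDOW")},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVENTORY):
        print(finding["package"], "->", ", ".join(finding["capabilities"]))
```

A store-installed dialer with the same broad permissions is not flagged, which is why the check combines install source with permission breadth rather than using either signal alone.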