A new Android malware called TangleBot has weaseled its way into the vast cyber threat landscape. Researchers warned that it could perform a handful of ill-intended actions, such as stealing personal data and controlling apps and device functions.
The New Android Malware Uses COVID-19-Themed Lures
Cloudmark researchers noted that the freshly discovered mobile malware spreads through SMS messaging in the U.S. and Canada and uses lures like COVID-19 boosters and regulations.
The purpose of the phishing scam is to engage social engineering techniques to trick targets into clicking an embedded link, which then directs them to a website. The website falsely claims that users need an “Adobe Flash Player update.” Once they click on the subsequent dialog boxes, TangleBot malware installs onto the device.
TangleBot – A Closer Look
TabgleBot is similar to other mobile malware in propagation and theme, such as the FluBot SMS malware that targets the U.K. and Europe or the CovidLock Android ransomware, an Android app that claims to help users find nearby COVID-19 patients. However, according to Cloudmark researchers, its wide-ranging access to mobile device functions makes it stand out from the crowd.
“The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, [GPS], and camera and microphone,” they explained in a Thursday post.
In order to dig that deep into Android’s internal business, TangleBot grants itself privileges to access and control all of the above. Unfortunately, this means that hackers would now complete freedom to launch attacks with an astounding variety of goals.
For example, hackers could block calls and silently make calls in the background against the user’s knowledge. This can ensure the perfect circumstances for a fraud where the victim is charged a high rate for making a call to a hacker-controlled telephone number.
The newly discovered Android malware is also capable of sending, intercepting, and processing text messages for SMS phishing attacks, two-factor authentication interception, self-propagation to the victim’s contacts, and so on.
TangleBot also features spyware capabilities, with the ability to use the camera, screen, and microphone for recording or streaming, along with “other device observation capabilities,” according to Cloudmark. Obtaining access to GPS functionality, for instance, can help a stalker track the user’s location.
Researchers also noted that the Android malware could seize control of the installed apps and interact with them, as well as display overlay screens on top of them to collect credentials, much like a banking trojan.
“The ability to detect installed apps, app interactions and inject overlay screens is extremely problematic,” researchers noted. “As we have seen with FluBot, TangleBot can overlay banking or financial apps and directly steal the victim’s account credentials….The capabilities also enable the theft of considerable personal information directly from the device.”
TangleBot can be a severe issue for business, given the fact that employees often use their personal devices for work-related purposes.
To stay away from threats such as TangleBot, Couldmark advises mobile users to practice safe messaging and never click on links in texts, even if they seem to come from a trusted contact. Users should also be cautious when downloading apps or files and read install prompts in detail. And last but not least, they should avoid procuring any software from somewhere other than certified app stores.
“Harvesting of personal information and credentials in this manner is extremely troublesome for mobile users because there is a growing market on the Dark Web for detailed personal and account data,” according to Cloudmark.
ATTACK Simulator’s Security Awareness Training program will help you enrich your employees’ cybersecurity knowledge with up-to-date security best practices to keep your company safe from scammers and avoid potentially irreparable damage.