This new SMS smishing malware is targeting Android mobile users
TangleBot malware campaign tries to lure potential victims with Covid-19 lures
Security researchers from Proofpoint company Cloudmark have discovered a new mobile malware strain spread via SMS that cybercriminals are using to target users across the US and Canada with Covid-19 lures.
The malware has been dubbed TangleBot because of its many levels of obfuscation and how it is able to control a multitude of entangled device functions including contacts, SMS and phone capabilities, call logs, internet access, camera and microphone.
Just like with the FluBot malware which continues to be a threat in Europe and the UK, TangleBot tries to trick mobile users into downloading malicious software by sending out fake Covid-19 warning notifications. While some of the text messages used in the campaign contain information about regulations, others provide details on vaccine booster shots.
As is the case with many phishing campaigns, these messages create a sense of urgency as users may want to know how Covid regulations have changed in their region or they may be interested in a Covid-19 vaccine booster shot to better protect themselves against new variants of the virus.
TangleBot malware
If a user does happen to click on the link contained in one of the campaign’s text messages, a website appears notifying them that Adobe Flash Player is out of date and must be updated. Clicking on the subsequent dialog boxes then installs the TangleBot malware on their Android smartphone.
TangleBot is then granted privileges to access and control numerous device functions as mentioned above. With this access, an attacker can now make and block phone calls, send, obtain and process text messages, record using the device’s camera or microphone as well as record its screen, place overlay screens on the device to cover legitimate apps and implement other device observation capabilities, according to a blog post from Cloudmark.
Just like the company’s researchers observed with FluBot, TangleBot can overlay banking or financial apps and directly steal a victim’s account credentials. However, an attacker can also use a victim’s device to message other mobile devices to spread their malware even further. Even if a user discovers TangleBot is installed on their device and removes it, an attacker may not use their stolen information for some time, which renders the victim oblivious to the fact that their account credentials have been stolen.
To avoid falling victim to TangleBot and other mobile malware, Cloudmark recommends that users be on the lookout for suspicious text messages from unknown senders and avoid clicking on any links these messages may contain. Also, users should avoid installing apps from sources besides the Google Play Store or other official app stores.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.