KEY POINTS

  • The malware is called Tanglebot
  • It was first seen in September
  • It targets Android users in the U.S. and Canada

There's new Android malware that infiltrates devices by posing as a COVID-19 vaccination appointment message. It then takes full control of the infected gadgets, stealing information like the users' passwords and banking details.

Dubbed Tanglebot, the malware can reportedly track the location of a user once their device is infected. It can also monitor and record a user's activity by hacking their camera and secretly listening through their device's microphone.

First spotted in September, Tanglebot targets users in the United States and Canada. It takes advantage of the SMS platform to invade Android devices, reported ZDNet.

The malware preys on unsuspecting users by disguising itself as an SMS claiming to contain COVID-19 vaccination details. It lures the recipient into clicking the link provided in the SMS to get more information.

Once the user falls into the trap, they are led to a page that requires them to update Adobe Flash Player. Since a lot of people aren't aware that Flash Player has not been supported on mobile devices since 2012 and that Adobe has not supported Flash at all since 2020, several users simply agree to get the supposed update.

During the installation process, several dialogue boxes appear on the screen, asking the Android user to accept terms and grant the app certain permissions. One of the dialogue boxes seeks permission to allow Adobe Flash Player to have full control of the device.

What the user does not know, however, is that by granting such permission, they are actually allowing cybercriminals to have full access to their Android device. At this point, hackers already have a complete range of surveillance and data collection capabilities, which let them spy on the user's activities and steal their information.

According to Proofpoint, a lot of Android users are vulnerable to malware attacks because they tend to continue downloading apps from unknown sources despite receiving multiple security warnings on their devices. It's the same behavior that put a lot of people at risk during the recent Flubot outbreak.

Since cybercriminals have been relying on mobile messaging as a method of attack these days, users should avoid responding to unsolicited commercial messages and exercise caution when providing their contact information to commercial entities. They should also avoid clicking on any link included in text messages and be wary of those that contain warnings or notifications about parcel delivery, software company Cloudmark said, according to CBS News.

NSO Group's Pegasus software has triggered controversy with allegations it has been used to hack into the phones of journalists and rights defenders. Photo: AFP / JOEL SAGET