Complex new SMS malware discovered
Cell phone users in Canada and the United States are being targeted by a new and advanced form of SMS malware that lures victims with COVID-19-related content.
This complex malware named Tanglebot by Cloudmark threat analysis because of its multiple levels of obfuscation, can directly obtain personal information, control device interaction with apps and overlay screens, and steal account information from financial activities initiated on the device.
How it works?
TangleBot sends SMS text messages themed around coronavirus regulations and third doses of COVID vaccines known as booster shots to entice users into downloading malware. Victims who take the lure unwittingly download malware that compromises the security of their device and configures the system so that confidential information can be exfiltrated to systems controlled by the attacker(s).
TangleBot can overlay banking or financial apps and directly steal the victimโs account credentials.
TangleBot can use the victimโs device to message other mobile devices, spreading throughout the mobile network.
Complete control over the infected device
The malware allows the threat actor(s) to control everything including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone on an infected device and employs multiple levels of obfuscation to keep its presence hidden from the device's user.
Examples of few SMS messages
The messages sent as part of the malware campaign appear to be warnings or appointment notifications. One such SMS contained the text "New regulations about COVID-19 in your region. Read here:" followed by a malicious link.
Another preceded a malicious link with the statement: "You have received the appointment for the 3rd dose. For more information visit:"
Users who click on the link are taken to a website where they are notified that the Adobe Flash Player software on their device is out of date and must be updated for them to proceed. If the user clicks on the subsequent dialog boxes, TangleBot malware is installed on the Android device.
https://www.infosecurity-magazine.com/news/complex-new-sms-malware-discovered/
#tanglebot #malware #sms #covid
Cell phone users in Canada and the United States are being targeted by a new and advanced form of SMS malware that lures victims with COVID-19-related content.
This complex malware named Tanglebot by Cloudmark threat analysis because of its multiple levels of obfuscation, can directly obtain personal information, control device interaction with apps and overlay screens, and steal account information from financial activities initiated on the device.
How it works?
TangleBot sends SMS text messages themed around coronavirus regulations and third doses of COVID vaccines known as booster shots to entice users into downloading malware. Victims who take the lure unwittingly download malware that compromises the security of their device and configures the system so that confidential information can be exfiltrated to systems controlled by the attacker(s).
TangleBot can overlay banking or financial apps and directly steal the victimโs account credentials.
TangleBot can use the victimโs device to message other mobile devices, spreading throughout the mobile network.
Complete control over the infected device
The malware allows the threat actor(s) to control everything including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone on an infected device and employs multiple levels of obfuscation to keep its presence hidden from the device's user.
Examples of few SMS messages
The messages sent as part of the malware campaign appear to be warnings or appointment notifications. One such SMS contained the text "New regulations about COVID-19 in your region. Read here:" followed by a malicious link.
Another preceded a malicious link with the statement: "You have received the appointment for the 3rd dose. For more information visit:"
Users who click on the link are taken to a website where they are notified that the Adobe Flash Player software on their device is out of date and must be updated for them to proceed. If the user clicks on the subsequent dialog boxes, TangleBot malware is installed on the Android device.
https://www.infosecurity-magazine.com/news/complex-new-sms-malware-discovered/
#tanglebot #malware #sms #covid
Infosecurity Magazine
Complex New SMS Malware Discovered
Researchers detect advanced SMS malware targeting cell phone users with COVID-19 lures