According to analysts at mobile and email security company Cloudmark, a new type of malware that experts have named “TangleBot” uses the COVID-19 pandemic to trick Android users in the U.S. and Canada into clicking a link that infects their mobile phones.
Cloudmark said that this “smart and complex” malware sends text messages to Android users that claim to contain the latest COVID-19 guidance for their area, or that notify them that a third COVID-19 vaccination appointment has been scheduled. According to Cloudmark, users who click on the provided link are told to update their phone’s Adobe Flash player, which instead installs a virus on their phone.
“Once this happens, the TangleBot malware can do a lot of different things,” Ryan Kalember, executive vice president of cybersecurity at Cloudmark’s parent company Proofpoint, told CBS News. “It can access your microphone, it can access your camera, it can access text messages, your call history, your Internet, and your GPS, so it knows where you are.”
Kalember said that hackers have been using TangleBot for “weeks” and its impact is likely to be “very widespread.” Fortunately, Android does have some protective measures against this virus. Before the malware is installed, Android warns users of the dangers of software from “unknown sources” and displays a series of permission boxes before the phone is infected.
According to Kalember, the TangleBot malware can display an “overlay” screen on the infected phone. The screen looks real but is actually a fake window run by the attacker to steal information. These overlay screens are used to steal banking credentials: users may think they are logging into their mobile banking while they are actually entering their information on a fake screen, which then forwards it to the hacker.
Moreover, once the malware is installed on the device, it is “difficult to remove it,” Kalember said. The stolen information can be sold long into the future. Hackers who steal identity information in this way often sell it online instead of using it directly. Cloudmark analysts pointed out that on the dark web, “the market for detailed personal and account data is getting bigger and bigger.”
“Infected Android devices can make money in many different ways,” Kalember said. “Even if they don’t commit bank fraud right away, there may be many other ways to make money from these stolen credentials.”
Kalember added that if an Android user discovers the TangleBot malware and manages to delete it, the attacker can still simply hold on to the stolen information without acting on it right away, leading the victim to believe that their information has not been compromised.
As criminals “increasingly use cell phone text messages” as a means of attack, Cloudmark stated that users should not respond to unsolicited commercial messages and should think twice before providing their numbers to commercial entities. The company’s analysts advise users not to click on any links provided in text messages and to be vigilant about text messages containing warnings or package delivery notifications.
Kalember emphasized that this discovery does not mean that Android has security vulnerabilities. Cloudmark analysts and engineers work with Google to ensure that the company can detect this threat and warn users.