The new malware TangleBot uses a keylogger to steal information entered on websites. It can also monitor the victim’s location and secretly record audio and video.
The campaign was detailed by Proofpoint’s cybersecurity researchers. They found that the first bait came in the form of text messages disguised as information about Covid-19 vaccination dates and regulations.
Another new form of Android malware called FluBot is spread via text messages with the aim of tricking victims into clicking a malicious link and inadvertently allowing cybercriminals to gain complete control of the device and steal personal and banking information.
The malware, called TangleBot, first appeared in September. Once installed, it gains access to the many different permissions required to eavesdrop on communications and steal sensitive data, including the ability to monitor all user activity, use the camera, listen to audio, monitor the location of the device, and much more. Users in the United States and Canada are currently affected.
In either case, the potential victim is asked to follow a link related to the subject of the lure for more information. Those who do are told that they need to update Flash Player to view the content of the website they are looking for. Adobe ended support for Flash in December 2020, and it hasn’t been supported on mobile devices since 2012, but many users are likely not aware of this.
When victims click the link, they are taken through a series of nine dialog boxes asking them to accept the permissions and the installation from unknown sources that allow the attackers to set up and configure the malware.
TangleBot gives the attackers full control over the infected Android device and allows them to monitor and record all user activities, including seeing which websites are visited, stealing usernames and passwords using a keylogger, and recording audio and video using the microphone and camera.
The malware can also monitor data on the phone, including messages and stored files, as well as GPS location, what the researchers call “extensive monitoring and tracking capabilities”.
Text messaging has become a common vector for spreading malware, with the FluBot malware being particularly noticeable in recent months. FluBot often spreads through text messages claiming the victim missed a delivery and, like TangleBot, it lures users into downloading malware that enables cybercriminals to steal confidential information. The two forms of malware are unlikely to originate from the same cybercriminal group, but the success and strength of the two show that SMS has become an attractive means of spreading campaigns.
“If the Android ecosystem has shown us anything this summer, it is that the Android landscape is full of clever social engineering, overt scams, and malicious software, all of which aim to deceive mobile users and give them money and to steal other sensitive information,” the Proofpoint researchers said in a blog post. “These schemes can be very compelling, playing with fears or emotions that lead users to be careless,” they added.