New SMS malware targets Android users through fake COVID messages

3 years ago 373

Dubbed TangleBot, the malware tin overlay fiscal apps with its ain screens successful an effort to bargain your relationship credentials, says Cloudmark.

mobile-malware.jpg

Image: iStock/CarmenMurillo

A caller and devious SMS malware run is trying to infect radical via their mobile devices by promising details astir COVID-19. Aimed astatine Android users successful the U.S. and Canada, the malware known arsenic TangleBot tin marque and artifact telephone calls, nonstop substance messages, and overlay malicious screens connected a compromised device, said a new study from information steadfast Cloudmark.

SEE: Top Android information tips (free PDF) (TechRepublic)

As cybercriminals proceed to exploit the coronavirus pandemic, TangleBot attempts to instrumentality Android users into downloading malicious bundle done phony messages astir COVID-19. One connection discovered by Cloudmark says: "New regulations astir COVID-19 successful your region. Read here."

sms-malware-phony-covid-message1-cloudmark.jpg

Image: Cloudmark

Another connection says: "You person received the assignment for the 3rd dose. For much information, visit…"

sms-malware-phony-covid-message2-cloudmark.jpg

Image: Cloudmark

"Social engineering that uses the pandemic arsenic a lure continues to beryllium a large contented globally," said Hank Schless, elder manager for Security Solutions astatine information steadfast Lookout. "It's advantageous for attackers to leverage socially uncertain situations successful bid to marque their phishing campaigns much effective. People are much apt to fto their defender down and interact with thing online that promises accusation they need."

Clicking connected the nexus successful either connection tells you that the Adobe Flash Player connected your instrumentality is retired of day and indispensable beryllium updated. If you instrumentality the bait and click connected immoderate of the follow-up dialog boxes, the TangleBot malware is installed connected your Android device.

Once installed, TangleBot is granted support to entree and power a assortment of features and contented connected your telephone oregon tablet, including contacts, SMS and telephone capabilities, telephone logs, net access, camera and microphone access, and GPS. The malware was named TangleBot specifically due to the fact that it tin power truthful galore antithetic functions and bash truthful with respective levels of obfuscation, according to Cloudmark.

With the indispensable access, the criminals down the onslaught tin execute immoderate of the pursuing tasks:

  • Make and artifact telephone calls.
  • Send, get and process substance messages.
  • Record the camera, surface oregon microphone audio oregon watercourse them directly.
  • Place overlay screens connected the instrumentality covering morganatic apps.
  • Set up different methods to observe enactment connected the device.

The quality to overlay screens that screen morganatic apps is peculiarly troublesome. TangleBot tin overlay banking oregon fiscal apps with its ain screens arsenic a mode to bargain your fiscal relationship credentials. Accessing the camera and microphone is besides worrying arsenic it gives the attacker the means to spy connected you. Further, the malware tin usage your instrumentality to connection different devices arsenic a mode to spread.

Any idiosyncratic accusation stolen by the attacker typically wends its mode to the Dark Web wherever buyers are anxious to scoop up specified delicate data. Even if a unfortunate is capable to region the TangleBot malware, criminals whitethorn not usage the stolen accusation for immoderate time, truthful you whitethorn stay astatine risk.

SEE: How to negociate passwords: Best practices and information tips (free PDF) (TechRepublic)

"Mobile devices connection countless channels for attackers to present socially engineered phishing campaigns with the extremity of swiping firm login credentials oregon installing precocious malware that tin exfiltrate delicate information from the device," Schless said. "For organizations that let employees to usage idiosyncratic devices for enactment successful a BYOD model, the hazard is adjacent higher considering the fig of idiosyncratic apps radical use. Attackers tin present campaigns done SMS, societal media, third-party messaging apps, gaming and adjacent dating apps." 

To assistance mobile users support themselves from SMS malware, Cloudmark offers respective tips.

  • Look retired for suspicious substance messages. Attackers progressively are utilizing mobile messaging and SMS phishing to transportation retired attacks.
  • Guard your mobile number. Consider the imaginable consequences earlier you supply your mobile telephone fig to an endeavor oregon different commercialized entity.
  • Access immoderate linked website directly. If you get a substance from immoderate enterprise, particularly 1 with a informing oregon transportation notification that has a webpage link, don't click connected that link. Instead, unfastened your browser to entree the company's website directly. Similarly, instrumentality immoderate connection codes you person successful a connection and participate them straight successful the company's website to spot if they're legitimate.
  • Report SMS phishing and spam messages. If you get a spam message, usage the spam reporting diagnostic successful your messaging app if it has one. Alternatively, guardant spam substance messages to 7726, which spells "SPAM" connected your phone's keypad.
  • Be cautious erstwhile installing apps to your device. When downloading and installing caller programs to your mobile device, work immoderate installation prompts archetypal and cautiously reappraisal immoderate requests for support to entree definite types of content.
  • Avoid responding to unsolicited texts. Don't respond to unsolicited endeavor oregon commercialized messages from a vendor oregon institution you don't recognize. Doing truthful often simply confirms that you're a "real person."
  • Install apps lone from morganatic app stores. Don't instal bundle connected your mobile instrumentality extracurricular of a certified app store from the vendor oregon your mobile operator.

Schless besides has immoderate tips of his own.

"To support up of attackers who privation to leverage this onslaught chain, organizations everyplace should instrumentality information crossed mobile devices with mobile menace defence (MTD), support unreality services with unreality entree information broker (CASB) and instrumentality modern information policies connected their on-prem oregon backstage apps with Zero Trust Network Access (ZTNA)," Schless said.

"A information level that tin harvester MTD, CASB and ZTNA successful 1 endpoint-to-cloud solution that besides respects end-user privateness careless of the benignant of instrumentality they're connected is simply a cardinal portion of implementing zero spot crossed the infrastructure and keeping up of the latest cybersecurity threats."

Cybersecurity Insider Newsletter

Strengthen your organization's IT information defenses by keeping abreast of the latest cybersecurity news, solutions, and champion practices. Delivered Tuesdays and Thursdays

Sign up today

Also see

Read Entire Article