Android users in Canada and USA urged to be more vigilant following new malware threat.

23rd September 2021: A new malware referred to as “TangleBot” is targeting Android users in the USA and Canada under the pretence of offering the latest COVID-19 guidance for their area or a prebooked third COVID-19 vaccine.

The malware is delivered as a link sent under the guise of offering further COVID guidance or a supposed booking of a third COVID vaccination. Once the target clicks the link provided, they are asked to update their phone’s Adobe Flash Player. Instead, however, a virus is installed on the target’s phone, according to Cloudmark, a mobile and email security company.

The consequences are severe if the malware is successfully installed, as expressed in detail by Ryan Klamber, the executive vice president of cybersecurity for Cloudmark’s parent company Proofpoint, who stated that “it can access your camera, it can access SMS, it can access your call logs, your internet, your GPS so it knows where you are”.

According to Klamber, TangleBot has been used for “weeks” by hackers and the reach of its impact could be extensive.

Nevertheless, Android users are offered some level of protection. Prior to the installation of the malware, the user will be notified of the potential danger of installing software from ‘unknown sources’. Multiple permission boxes will also appear before the user is able to install the malware.

Once installed, the malware will present an ‘overlay’ screen on its victim’s screen. This screen will appear credible, but it is a fake screen which the hackers will use to steal information. These overlays are used to avoid arousing suspicion as the threat actors hack into their victim’s mobile banking features. As users believe that they are simply logging into their mobile banking app, these login details are, unbeknownst to them, relayed to the hackers.

The installed malware is difficult to remove, and the stolen information can be utilised and sold without the victim’s knowledge or consent. Usually, hackers opt to sell their targets’ personal data in return for large sums, as “there is a growing market for detailed personal and account data” on the dark web, as stated by Cloudmark analysts.

Klamber added that even if the target is somehow successful in removing the TangleBot malware, the attackers can still have the stolen information in their possession. They may not act on it initially, in the hope of luring their victims into a false sense of security in believing that their information was not compromised.

In response to criminals “increasingly using mobile messaging” to attack, Cloudmark has advised users to refrain from responding to unsolicited commercial messages or messages from unknown numbers and to think twice before providing their numbers in reply to such messages. Users were also advised to avoid clicking on provided links and to be cautious of package delivery information or ‘warning’ messages.

Klamber emphasized that this discovery is not reflective of a security flaw in Android formats. Additionally, Cloudmark analysts and engineers have collaborated with Google to guarantee the company’s ability to detect and warn users.
