Hackers have put a new spin on an old malware deployment trick by fooling people into clicking dangerous links, disguised as important COVID info…
Malware is an ever-present threat. It’s virtually impossible to keep track of all these malicious campaigns. This makes it much more difficult to find new threats. But, some become so large, infecting so many devices, and victimizing so many consumers, they actually stand out. One such example is FluBot, which used bogus missed package messages to distribute a phishing app. Now, there’s another, but with a new twist.
New Android Malware Targets Victims with Fake COVID-19 Vaccine Information
Recently, Cloudmark security experts warned the public about a “clever and complicated new SMS malware attack.” Just like FluBot, the new malware, known as TangleBot also uses text messages to target potential victims, attempting to trick them into clicking on dangerous links. However, the biggest difference is the content of the fake messages.
Instead of trying to fool people into thinking they’ve missed an important package, TangleBot uses COVID-19 as a scam cover. Some of these communications contain false new COVID regulations. Others attempt to convince recipients they have an upcoming vaccine appointment. If the targets click on the link, it triggers an alert to update Adobe Flash Player. Clicking through installs TangleBot.
Once downloaded, the TangleBot malware allows hackers to make and block phone calls. Send, obtain, and process text messages. Record the camera, screen, or microphone audio or stream them directly to the attacker. Place overlay screens on the device covering legitimate apps and screens. And, implement other device observation capabilities. Hackers can also steal victims’ accounts, harass their contacts, and more.