A dangerous Android SMS malware has been using fake COVID-19 notifications to spread in the US and Canada.
Security firm Cloudmark has issued a report on the new malware, dubbed TangleBot. The malware is particularly dangerous, as it allows the attackers a significant degree of information access and control over the compromised device.
TangleBot uses SMS text message lures with content about COVID regulations and the third dose of COVID vaccines to trick mobile subscribers into downloading malware that compromises the security of the device and configures the system to allow for the exfiltration of confidential information to systems controlled by the attacker(s). The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone.
Until a security patch is released, Cloudmark recommends users not respond to unsolicited enterprise or commercial text messages. Users should not click on any links in such text messages. If a users believes the text may be legitimate, it’s still safer to manually enter the address in a web browser, rather than click on the link in the text.