"TangleBot Malware Reaches Deep into Android Device Functions"

Researchers at Cloudmark have discovered a new Android malware called TangleBot. According to the researchers, the newly discovered mobile malware is spreading via SMS messaging in the U.S. and Canada, using lures about COVID-19 boosters and regulations. The goal is to social-engineer targets into clicking on an embedded link, which takes them to a website. The site tells users they need an “Adobe Flash update.” If they click through the subsequent dialog boxes, the TangleBot malware installs.

The malware has been given the moniker TangleBot because of its many levels of obfuscation and its control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, GPS, and the camera and microphone. TangleBot grants itself privileges to access and control all of the above.

The researchers stated that attackers can manipulate the incoming voice call function to block calls and can also silently make calls in the background, with users none the wiser. They also noted that TangleBot can send, obtain and process text messages for SMS fraud, two-factor authentication interception, self-propagation to contacts, and more.

The malware also has deep spyware capabilities, with the ability to record the camera, screen, or microphone audio or stream it directly to the attacker, along with “other device observation capabilities,” according to Cloudmark. Gaining access to the GPS functionality, for example, creates the potential for location-tracking. The researchers also noted that the malware can take stock of installed applications, interact with them, and place overlay screens on top of them to harvest credentials in the style of a banking trojan.

 

Threatpost reports: "TangleBot Malware Reaches Deep into Android Device Functions"

Submitted by Anonymous on