Concerns as cybercriminals unleash SMS-based Android malware — Nigeria — The Guardian Nigeria News – Nigeria and World News


Data services push MTNN revenue to N1.7tr in 2021, as the firm pays N669.2b taxes

Nigerian Communications Commission (NCC) has alerted Nigerians on a new high-risk Short Messaging Service-based malware, TangleBot, infecting Android mobile devices.

TangleBot employs more or less similar tactics as the recently announced notorious FlutBot SMS Android malware that targets mobile devices. TangleBot equally gains control of the device but in a far more invasive manner than FlutBot.

The disclosure was made in a recent security advisory made available to NCC’s New Media and Information Security Department by the Nigerian Computer Emergency Response Team (ngCERT).

TangleBot is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about fake local power outages that are due to occur.

NCC explained that the aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information. Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine dialogue boxes to give acceptance to different permissions that will allow the malware operators to initiate the malware configuration process.

According to the commission, the immediate consequence is that TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications. The malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among others.

Furthermore, the malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system.

“The NCC, therefore, wishes to, once again, urge millions of telecom consumers to be wary of such wiles of cybercriminals, whose intent is to defraud unsuspecting Internet users.”

To ensure maximum protection for Internet users in the country, ngCERT has offered a number of preventive…

Source…