In a nutshell: Cybersecurity analysts recently discovered a strain of Android malware they dubbed “TangleBot.” The malicious software is highly sophisticated and capable of hijacking most if not all of a phone’s functions. Once infected, the phone becomes the ultimate spying/stalking device.
Proofpoint researchers note that TangleBot targets users by sending text messages to Android devices in the U.S. and Canada. The SMS messages are disguised as Covid-19 regulation and booster-shot information, along with messaging about potential power outages, and encourage victims to click a link to a site claiming that an Adobe Flash update is required.
If the dialogue boxes are selected, the malicious site will install the malware onto the smartphone. The attackers are dependent on users being oblivious to Adobe stopping its support for Flash in December 2020 and the fact that it hasn’t been supported on mobile devices since 2012.
If successful in its deception, TangleBot can then infiltrate the entire phone. The malware can capture audio and video from the microphone and camera, view websites visited, read typed passwords, and extract data from SMS activity and any content stored on the device. TangleBot can also grant itself permission to modify device configuration settings and lets attackers view GPS location data.
The functionality gained by the hackers essentially delivers total surveillance and data collection capabilities. TangleBot provides some key distinguishing features that make it especially threatening, including advanced behaviors, transmission abilities, and a string decryption routine for obfuscation.
In addition to its spyware and keylogging abilities, the malware can block and make calls, which opens the possibility of dialing premium-rate services. Its voice biometric identification capabilities, meanwhile, could be used to impersonate the victim.
The report noted that the level of complexity seen in TangleBot makes it stand out among other forms of malware.
“Characteristics relating to keylogging functionality, overlay ability, and data exfiltration are routine behaviors in…