Cybersecurity analysts recently discovered a variant of Android malware that they named “TangleBot.” The malicious program is sophisticated and capable of hijacking most, if not all, of a smartphone's functions. Once infected, the phone is transformed into the ultimate surveillance device.
Researchers from Proofpoint have discovered that TangleBot has been targeting Android users in both the U.S. and Canada via text messages. The messages are disguised as Covid-19 regulations and booster shot information, or as notices related to power outages, and encourage users to click a link to a page that indicates that an Adobe Flash update is required.
If the user accepts the dialog boxes, the malicious website downloads the malware onto the phone. The attackers rely on users not knowing that Adobe ended support for Flash on December 20, 2020, and that Flash has not been supported on mobile devices since.
If the deception succeeds, TangleBot can then completely penetrate the phone. The malware is able to control audio and video via the microphone and camera, view sites visited, gain access to the database of entered passwords, and extract data from SMS messages and any documents stored on the phone. TangleBot may also give itself the ability to alter device configuration settings and allow attackers access to GPS location information.
The capabilities gained by the attackers amount to complete surveillance and data collection. TangleBot has a number of distinctive characteristics that make it particularly dangerous, such as advanced behavior and transmission capabilities, as well as a string encryption routine that aids obfuscation.
Alongside its keylogging and spyware capabilities, it is able to block calls and even place them, which creates the risk of calls to premium services. The voice biometric capabilities, meanwhile, are used to impersonate the victim.
The report noted that the complexity evident in TangleBot makes it stand out from other forms of malware.
The techniques used to conceal the trojan's functionality within multiple layers of obfuscation are what gave rise to the name TangleBot. The methods include hidden .dex files, modular and functional design characteristics, minified code, and large amounts of unused code.
Android trojans and malware are becoming more commonplace on Google's operating system, and text messages are not the only way smartphones are at risk of being hacked. The GriftHorse trojan was successfully planted in official apps on Google Play and in other third-party apps, which allowed it to infect over 10 million devices and to steal thousands of dollars.
This is a concerning situation for Android, and it is echoed in the conclusion of the researchers' report.
“If it’s true that the Android ecosystem has taught us something this summer, it’s that the Android landscape is filled with sophisticated social engineering, openly fraudulent, and malicious software designed to fool and get mobile users’ money as well as other personal information,” said the team. “These methods can appear convincing and can play on anxieties or feelings that lead users to drop their guards.”
The comments are reflected in ESET's most recent report, which says that Android malware is increasing across several threat domains.