New Android malware, "TangleBot," hides behind COVID-19-themed SMS messages to infect smartphone users in the United States and Canada.


The SMS malware that lures in Android users uses text messages related to the COVID-19 vaccination schedule and regulation announcements.

Android Malware on COVID-19 Related SMS

As per CBS News, security analysts discovered that the TangleBot malware capitalizes on COVID-19 to steal data from its victims.

Ryan Kalember, the executive vice president of cybersecurity at Proofpoint, the parent company of Cloudmark, revealed that the TangleBot malware has been infecting Android phones for "weeks" by using such a scheme.

The Proofpoint exec further warned that the new malware is possibly already "very widespread."

Kalember also disclosed that the scheme of the malware infection begins by sending text messages about COVID-19 to Android users specifically located in the United States and Canada.

For instance, one of the sample messages talks about the "new regulations about COVID-19 in your region."

The SMS then ends with a link.

Another version of the text message claims that your "third COVID-19 vaccine appointment has been scheduled." Similar to the first one, there is a link provided as well.

The seemingly COVID-19-related link instead redirects to a prompt saying that the Adobe Flash player on the victim's smartphone needs to be updated.

Instead of the latest patch, however, malware is installed on the victim's device, Cloudmark further noted.


Android TangleBot Malware: How it Works

According to The Hacker News, Cloudmark researchers gave the moniker "TangleBot" to the recently discovered Android malware due to its ability to take over various entangled smartphone features, such as call logs, camera, microphone, SMS, and even internet access.

Although the malware primarily steals information from its victims, TangleBot could also access their interactions with financial apps.

The attackers can record interactions on the device through an "overlay" screen, which lets them create a fake window that logs banking credentials.

Victims are tricked into believing that they are entering their banking details in the financial app. So, the Android malware could go to the extent of stealing money from your bank accounts.

Kalember further warned that the TangleBot malware is difficult to remove from the infected device.

On top of that, the stolen information from the victim could also help fund the attackers even more as the hackers sell it in the growing market of personal data.

As such, even if the attackers decide not to open your bank accounts, the mined personal information is already worth something to the hackers.


This article is owned by Tech Times

Written by Teejay Boris

ⓒ 2021 All rights reserved. Do not reproduce without permission.