Cyber security analysts recently discovered a type of Android malware called “TangleBot”. The malware is very complex and can hijack most of the phone's functions. Once a phone is infected, it becomes a spying and stalking device.
Proofpoint researchers note that TangleBot targets users by sending text messages to Android devices in the US and Canada. The SMS messages are disguised as notices about Covid-19 regulations and image-enhanced information, along with blackout messages, and encourage victims to click a link to a site that says an Adobe Flash update is required.
If the checkboxes are checked, the malware is installed on the smartphone. Attackers rely on users being unaware that Adobe stopped supporting Flash in December 2020, and that it hasn't been supported on mobile devices since 2012.
If successful, TangleBot can take over the whole phone. The malware can control audio and video from the microphone and camera, monitor websites visited, access typed passwords, and extract data from SMS activity and any content stored on the device. TangleBot can also grant itself the ability to change device configuration settings and lets attackers view GPS location data. TangleBot has some key distinguishing features that pose a threat, including advanced behaviors, portability capabilities, and string decryption procedures used for obfuscation. It inevitably leads to the possibility of requesting superior services. At the same time, biometric voice recognition capabilities can be used to impersonate the victim.
The report notes that the complexity observed in TangleBot sets it apart from other forms of malware.
“Features related to keylogging functionality, overlay, and data purification are common behaviors in any malware arsenal. However, TangleBot distinguishes itself with advanced behaviors and portability, while featuring the latest developments in malware that attempts to block biometric audio authentication security systems. One final component of TangleBot not found in the original Medusa is the use of advanced string decryption to mask malware behavior.”
The advanced techniques used to mask the target and to carry out the malware's functions under many layers of obfuscation are what led to TangleBot. These methods include hidden .dex files, modular and functional design features, minified code, and large amounts of unused code.
TangleBot permissions request. Image credit: Proofpoint
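How TangleBot hides its .dex files is not described here. As an added example (not from the Proofpoint report or the original article), one triage check a defender can run on a suspicious APK is to list archive entries that begin with the DEX magic bytes but are not the standard root-level `classes*.dex` files. The function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# DEX header magic: b"dex\n" + three version digits + NUL, e.g. b"dex\n035\x00"
DEX_MAGIC = re.compile(rb"dex\n\d{3}\x00")
# Names the Android runtime loads from the APK root: classes.dex, classes2.dex, ...
STANDARD_DEX = re.compile(r"classes\d*\.dex")


def find_hidden_dex(apk_bytes):
    """Return sorted entry names whose content starts with the DEX magic
    but which are not a standard root-level classes*.dex file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir():
                continue
            with apk.open(info) as fh:
                head = fh.read(8)  # the magic occupies the first 8 bytes
            if DEX_MAGIC.fullmatch(head) and not STANDARD_DEX.fullmatch(info.filename):
                hits.append(info.filename)
    return sorted(hits)


def build_sample_apk(with_hidden=True):
    """Constructed sample: a small zip standing in for an APK (not real malware)."""
    dex_stub = b"dex\n035\x00" + b"\x00" * 104  # header-sized stub, not valid bytecode
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", dex_stub)          # expected location, not flagged
        z.writestr("assets/readme.txt", b"hello")    # benign asset
        if with_hidden:
            z.writestr("assets/fonts/roboto.ttf", dex_stub)  # DEX under a misleading name
            z.writestr("res/raw/config.bin", dex_stub)       # DEX under a misleading name
            z.writestr("lib/classes.dex", dex_stub)          # DEX name, non-standard location
    return buf.getvalue()


if __name__ == "__main__":
    for name in find_hidden_dex(build_sample_apk()):
        print("non-standard DEX entry:", name)
```

This only catches DEX content stored in the clear; a payload that is encrypted or packed inside the archive has no magic bytes to match and needs dynamic analysis instead.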
Android malware and Trojans are becoming increasingly common on Google's operating system, and text messages are not the only way a smartphone can be compromised. The GriftHorse malware was successfully integrated into apps officially approved on Google Play and in third-party app stores, allowing it to infect more than 10 million devices and steal tens of millions of dollars.
This is a worrying situation for Android, and it was reflected in the researcher's closing statement in the report.
“If the Android ecosystem has shown us anything this summer, it's that the Android landscape is riddled with clever social engineering, blatant scams, and malware all designed to deceive and steal money and other sensitive information from mobile users. These designs can look very compelling and may influence fears or feelings that cause users to ignore their care.”
New Android malware can completely invade phones, steal data, record and track users