[MART] - Daily Diary #354 - TangleBot, A New Android Spyware

CTAS-MAT ctas-mat at appgate.com
Thu Sep 23 21:16:05 UTC 2021


Hello,

I hope everyone is doing well!

Below is the entry for today.

09/23/2021 - Diary entry #354:


A new Android malware named TangleBot has been discovered spreading via SMS in the U.S. and Canada. The smishing texts use lures related to COVID-19 regulations or a supposed third-shot vaccine appointment. TangleBot's objective is to steal personal and financial data by monitoring user-initiated activity and controlling the device's interaction with apps.


Once the victim visits the smishing link, the page alerts that their Adobe Flash player is out-of-date and must be updated. The update, of course, is actually TangleBot. After it's installed, TangleBot requests permissions to access call logs, camera and microphone, contacts, internet, GPS, and SMS. As soon as the permissions are granted, TangleBot operators are able to start monitoring and interacting with those functionalities, and message other mobile devices on the victim's contacts list to spread the threat.


Besides acting like spyware, TangleBot can also overlay apps to steal credentials and personal information. Overlaying screens onto applications is a very common technique among malware to lure victims into giving up their credentials. We have covered several threats that use this technique in our Daily Diaries, such as the S.O.V.A banking trojan, Vultur, FluBot, TeaBot, and Brata, among other threats targeting either mobile or desktop devices.


To defend against threats like TangleBot, it is important not to install anything from links visited via unknown SMS messages or apps delivered through unofficial/third-party app stores, and to always pay attention to the dangerous permissions any application requests.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
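
Added example, not part of the original diary entry and not Appgate tooling: a triage check that reads a decoded AndroidManifest.xml and reports which of the capabilities listed above an app requests, flagging the SMS-plus-contacts combination that enables spreading through the victim's contact list. The mapping to Android permission names, the flag names, the threshold, and both sample manifests are assumptions constructed for illustration; the diary does not give TangleBot's actual manifest, and the input is assumed to be already decoded to text XML (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Assumption: standard Android permission names mapped to the capabilities the
# diary lists (plus the overlay permission); not taken from a TangleBot sample.
CAPABILITIES = {
    "call logs": {"READ_CALL_LOG", "WRITE_CALL_LOG"},
    "camera": {"CAMERA"},
    "microphone": {"RECORD_AUDIO"},
    "contacts": {"READ_CONTACTS", "WRITE_CONTACTS"},
    "internet": {"INTERNET"},
    "GPS": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "SMS": {"READ_SMS", "SEND_SMS", "RECEIVE_SMS"},
    "overlay": {"SYSTEM_ALERT_WINDOW"},
}

def capabilities(manifest_xml):
    """Return {capability: [permissions]} requested by a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID + "name", "")
            if name.startswith(PREFIX):
                requested.add(name[len(PREFIX):])
    return {cap: sorted(perms & requested)
            for cap, perms in CAPABILITIES.items() if perms & requested}

def triage(manifest_xml):
    """Return review flags for risky permission combinations."""
    caps = capabilities(manifest_xml)
    perms = {p for group in caps.values() for p in group}
    flags = []
    if {"SEND_SMS", "READ_CONTACTS"} <= perms:       # can text the contact list
        flags.append("sms-spreading")
    if len(set(caps) - {"internet"}) >= 4:           # hypothetical threshold
        flags.append("broad-surveillance")
    return flags

def _manifest(package, perms):
    uses = "".join(f'<uses-permission android:name="{PREFIX}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a fake "Flash update" and an ordinary camera-using app.
SAMPLE_FAKE_UPDATE = _manifest("com.example.flashupdate", [
    "READ_CALL_LOG", "CAMERA", "RECORD_AUDIO", "READ_CONTACTS", "INTERNET",
    "ACCESS_FINE_LOCATION", "READ_SMS", "SEND_SMS"])
SAMPLE_BENIGN = _manifest("com.example.qrscanner", ["INTERNET", "CAMERA"])
```

A flag is a prompt for manual review, not a verdict: legitimate messaging apps also request SMS and contacts access.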
