TangleBot, a new high-risk, critical, and Short Messaging Service-based malware, has infected Android mobile devices, according to the Nigerian Communications Commission (NCC).
TangleBot uses tactics that are similar to those used by the renowned FlutBot SMS Android virus that was recently announced. TangleBot takes control of the device in a similar way as FlutBot, but in a significantly more intrusive way.
The Nigerian Computer Emergency Response Team disclosed TangleBot in a recent security advice sent to the Commission’s New Media and Information Security Department (ngCERT).
When an unwary user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about upcoming false local power outages, the TangleBot Android virus is deployed.
The goal of both (or any) of the messages (on COVID-19 or predicted power shortages) is to entice potential victims to click on a link that purports to provide detailed information. After arriving at the page, users are prompted to update apps such as Adobe Flash Player in order to see the content by clicking through nine (9) dialogue boxes to approve various permissions that will allow malware operators to begin the malware configuration process.
When TangleBot is installed on a device, it obtains access to a variety of permissions, allowing it to listen in on user conversations. The software then collects personal data from the smartphone and keeps track of practically every user action, including camera use, audio conversations, and location.
Furthermore, the malware takes entire control of the targeted device, including access to banking information, and can penetrate the Android operating system’s darkest recesses.
As a result, the NCC would like to remind Nigeria’s millions of telecom users to be aware of cyber criminals’ schemes to swindle unwary Internet users.
The ngCERT has proposed a variety of preventive actions for consumers to follow in order to ensure maximum protection for Internet users in the country.
These precautions include a warning to telecom customers and other Internet users not to open Uniform Resource Locators (URLs) from unknown sources while on their mobile devices.
Additionally, telecom customers should never respond to messages or call a phone number associated with a text message that they are ignorant of. If a telecom customer or Internet user is inquisitive about the validity of a call or message and wants to investigate the situation, they can run a web search for both the phone number and the message content.
The NCC reminds mobile users that they must employ safe messaging habits and avoid clicking on any links in texts, even if they appear to be from a trusted source. Indeed, while downloading apps, it’s crucial to read the install instructions carefully, seeking for information about the app’s permissions and privileges.
ngCERT also recommends that users avoid downloading software from sources other than an authorized app store. It is recommended that you call the firm directly rather than using the phone number provided in the message, especially if the message is spoofing a corporation. Finally, any event of system compromise should be reported to ngCERT at email@example.com for support and technical help.
The Commission pledges to keep mobile phone subscribers and Internet users in Nigeria informed and educated about cyber threats in whatever shape they may take. This is to protect them from the risks and losses that come with any type of cybercrime.