Mobile malware threats are increasing across the cyber threat landscape. In 2020, 46% of employees encountered mobile device threats. Cyber criminals are using mobile malware to disrupt handsets, to steal personal information, and to turn a profit. According to cyber security researchers, recently emerged mobile malware poses a unique set of advanced threats and challenges.
This malware has been dubbed “TangleBot.” The moniker refers to the obfuscation methods used to take control over entangled device functionalities. Distribution takes place via text message and targets Android owners in Europe and North America.
To gain device access, the malware distributors use coronavirus and electricity-themed lures. One message read, “New regulations about COVID-19 in your region. Read here.” Unsuspecting users are liable to click on these kinds of realistic-looking messages.
TangleBot and Medusa malware
Researchers report that TangleBot shares a set of characteristics with the Medusa malware. At the same time, there are a few key distinguishing features that increase the magnitude of the threat that TangleBot presents. For example, TangleBot uses advanced behaviors and transmission capabilities, along with a string decryption routine that helps to obfuscate its presence.
After device takeover…
Once a device is infected with the malware, hackers can:
- Silently call contacts and block calls.
- Send and receive text messages.
- Record the audio, screen or both, then streaming them to the attacker.
- Place overlay screens on the device, obscuring apps and screens.
- Implement further device observation capabilities.
Cyber security experts advocate for mobile users to remain vigilant while attending to text-message warnings and other unsolicited messages. Best practices to follow include:
- Staying on the lookout for suspicious messages.
- Weighing whether or not to provide a phone number to any enterprise or commercial entity.
- Accessing websites by directly typing a URL into a browser, as opposed to clicking on a link.
- Avoiding response to any unknown enterprise or commercial vendor.
- Reading install prompts (and information about rights and privileges that the app may request) closely ahead of installing new apps.
The TangleBot twist…
While this can occur across numerous attack types, TangleBot operators are known to sit on information for a length of time ahead of selling it on the dark web or using it in other nefarious ways. As a result, those who have been compromised may remain oblivious to the attack for weeks or months and may have trouble pinpointing the attack’s origins.
The TangleBot malware can be problematic for businesses. Many employees now use their personal devices to make business calls or to send and respond to work emails. According to cyber security researchers, in the event that a single employee’s device is infected, the attacker can potentially launch a more widespread attack, harming multiple employees and taking down business operations.
Ensure that your organizations enables employees to stay secure while working from mobile devices. For insights into effectively managing mobile device security, see Cyber Talk’s past coverage. Lastly, to receive cyber security insights, analysis and resources in your inbox each week, sign up for our newsletter.