TangleBot is an information-gathering tool that spreads using COVID-19 lures. Currently, it targets only victims in the US and Canada. The fake text messages concern COVID-19 regulations, vaccinations and booster doses. The "smishing" message contains a link that, when clicked, takes the user to a malicious website that "informs" them that they must install the Adobe Flash Plugin to view the message properly. If the user installs it, TangleBot is on the device and takes full control of the Android phone. TangleBot requests access to many permissions, allowing for eavesdropping and the exfiltration of sensitive data. These permissions give the malware the ability to modify device configuration settings, record user activity, track location, and transmit the stolen information back to systems controlled by the threat actor.
Download TangleBot Samples