A new smishing malware, named TangleBot, has kept stealing financial and personal information from victims. It targets Android mobile users based in the U.S. and Canada with SMS text message lures with COVID-19 regulations and vaccine details.

The malware comes with multiple levels of obfuscation and controls numerous entangled device functions, such as contacts, SMS/phone capabilities, internet access, call logs, microphones, and cameras.

Attackers send an SMS message enclosing links to new regulations related to Corona Virus or confirmation for an appointment of a third vaccine dose. If clicked, notify users that their Flash player has become obsolete and must be updated leading to the installation of the Tanglebot malware onto the Android phone.

Attackers can take over communication between an infected device and banking and financial apps. They use overlay screens to steal account credentials from financial actions started on the devices amd other monitoring activities.

These other things include sending/receiving text messages, recording the camera, screen, microphone audio, and streaming them directly to the attacker. These enable the operators to turn the malware into complete spyware.

TangleBot is an active malware that has already been used to target victims in North America and other regions. It steals banking information, which is a hot commodity in underground markets. Users need to be wary of suspicious SMSes and avoid clicking on any links from unknown sources without adequate security in place.