TangleBot campaign highlights threat of SMS


A malware campaign targeting Android devices in the United States and Canada with compelling text messages and links leading to a downloader has highlighted the danger of SMS spam and phishing, security experts report.

The campaign, dubbed TangleBot, uses coronavirus-themed messages to convince users to click on a link, which leads to websites that attempt to collect sensitive information from the victim, according to researchers at email security company Cloudmark in a September 23 analysis. The campaign follows attempts by attackers to use SMS phishing, also known as smishing, to commit unemployment insurance fraud in the United States.

Remote working has made SMS attacks easier for scammers in many ways, says Jacinta Tobin, vice president of global sales and operations for Proofpoint’s Cloudmark division.

“Lots of people are now working from home, and this, combined with the fact that it is relatively easy to find employee cell phone numbers, means that mobile messaging and smishing attacks are emerging as a major threat to employees and businesses,” she said. “With TangleBot, even if a single employee’s device is infected, an attacker can launch a widespread attack or a smishing attack.”

TangleBot was named for its “many levels of obfuscation and control over a myriad of tangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, device photo and microphone,” Cloudmark stated in its analysis. The threat allows attackers to make and block calls, send and receive text messages, place screen overlays, and record audio and video.

The phishing campaign is just one part of an emerging trend in SMS phishing, which jumped 256% in the second half of 2020 from the first half of the year, the latest figures available, according to Tobin.

The attacks have also become more personalized. SMS phishing increasingly uses personal information about the owner of a cell phone number to tailor attacks and make them more convincing. Fake Amazon raffle announcements, fake AT&T refunds, and fraudulent FedEx package delivery notifications are hitting phones all over the world.

In early August, for example, the United States Federal Trade Commission warned Americans that fraudsters had embarked on massive campaigns using unemployment insurance (UI) notifications and asking citizens to correct or verify their information. The U.S. government will not send text messages asking for personal information, Seena Gressin, an attorney with the FTC’s Consumer and Business Education Division, said in an August 4 blog post.

“Identity thieves are targeting millions of people across the country with phishing scams aimed at stealing personal information, unemployment benefits or both,” she wrote.

A tangled network of malicious functions
In the case of TangleBot, once the malware compromises a device, the attacker can monitor many user activities, such as the websites they have visited and the passwords they have entered, as well as record microphone audio and camera video. TangleBot also uses many levels of obfuscation to make scanning difficult, such as placing code in hidden files, padding files with unused code, and removing spaces from code, a technique known as minification.

“The capabilities also allow the theft of considerable personal information directly from the device and through the camera and microphone, spying on the victim,” Cloudmark’s analysis said. “Collecting personal information and credentials in this way is extremely difficult for mobile users, as there is a growing market on the dark web for detailed personal and account data.”

TangleBot does not exploit vulnerabilities in the Android system; instead, it socially engineers users into clicking through multiple dialogs. Depending on the configuration of the Android device, up to nine different dialogs and security alerts would have to be clicked to complete the software installation. Although at first glance such a chain of notifications seems sufficient, experience has shown that users have become accustomed to clicking through warnings.

“Based on what we’ve seen recently with similar mobile malware attacks, such as the FluBot attacks that have been active in the UK and Europe, users tend to ignore the multiple warnings and permissions and continue to download and install software from untrusted sources,” Proofpoint’s Tobin said.

Not all attacks on messaging apps require so many steps. Other attackers have found ways to use vulnerabilities in messaging applications, on Apple and Android phones, to carry out zero-click or one-click attacks, in which merely receiving a malicious message or clicking on a link in a message is enough to compromise the device.

Cloudmark recommends that users question every text message, especially those coming from an unknown number or claiming to be from a known company. Additionally, users should not click on the link in the message; instead, they should go directly to the purported company’s site.

So far, the TangleBot attack has not led to other malware, such as ransomware or account fraud, but Proofpoint expects attackers to add functionality. While the increase in SMS spam and phishing may seem significant in the United States, the United Kingdom and the European Union have a worse problem, says Tobin. A UK subscriber is 15 times more likely to receive a smishing message than a US subscriber, she says.

“As we see growth in all regions of the world, the good news is that US carriers have been much faster in securing their networks with technology to block these attacks,” she said.
