RELATED: If You Hear This When You Answer the Phone, Hang Up Immediately. Android users are getting targeted by a new malware known as “TangleBot,” according to the mobile and email security company Cloudmark. As CBS News reported on Sept. 23, TangleBot is being sent to Android users in the U.S. and Canada by one of two text messages: one message claims to have the latest COVID guidance for their area, while the other informs them that their third vaccine dose has been scheduled, and both include a link. Neither of these messages are valid, and if a user clicks on the link attached to the texts, they will be prompted to update their phone’s Adobe Flash Player. However, the “update” will instead download the malware onto your Android. “They are using incredibly fresh lures that all map to the sorts of things that we’re hearing about in the news with COVID, whether we are talking about the booster or other things that you are likely to see on the front page of whatever news site you go to,” Ryan Kalember, the executive vice president of cybersecurity at Cloudmark’s parent company ProofPoint, told CBS News. If you accidentally download the TangleBot malware to your phone, scammers can become privy to a lot of your stored information. “The TangleBot malware can do a ton of different things,” Kalember said. “It can access your microphone, it can access your camera, it can access SMS, it can access your call logs, your internet, [and] your GPS so it knows where you are.” Fortunately, users are typically warned by their phone before they attempt to download the malware. According to CBS News, Android users are warned about the dangers of downloading software from “unknown sources” and a series of permission boxes are displayed before your phone is infected with TangleBot. And for more safety news and tips sent right to your inbox, sign up for our daily newsletter. Once the malware is on your phone, it’s practically unrecognizable since Tanglebot has the capability of showing hacked users an overlay screen that looks like what they’re used to seeing, while a fake window is being run by hackers to steal your information, according to Kalember. For instance, you might think you are logging onto your mobile banking site, but you could actually be typing your information onto a hidden screen that is being monitored by hackers. “I would hope that [users] would remember the Adobe Flash prompt but after that, they probably won’t see very much from TangleBot,” Kalember told CBS News. “Like most pieces of mobile malware, it is relatively stealthy in terms of its appearance.” RELATED: If You Use This Popular Phone, You Could Lose All Your Photos Next Week. According to Cloudmark, hackers have been using TangleBot for weeks now, so they predict its reach could be “very widespread” at this point. And once the malware is installed on a device, “it is pretty hard to remove it,” Kalember warned.ae0fcc31ae342fd3a1346ebb1f342fcb Cloudmark is advising users not to respond to any unsolicited commercial messages and refrain from clicking on any link provided in text messages, as hackers are “increasingly using mobile messaging” to attack smartphone users. “[It’s] exploiting the user’s vulnerability,” Kalember told CBS News. “You are basically being tricked into installing the attacker’s code.” RELATED: This Is the Least Trusted Cell Phone Carrier in the U.S., According to Data.
