Security Magazine

New malware uses COVID-19 lure to target Android users

September 29, 2021

Security researchers from Cloudmark have discovered a new mobile malware strain, spread via SMS, that cybercriminals are using to target users across the U.S. and Canada with COVID-19 lures.


TangleBot uses SMS text message lures with content about COVID regulations and the third dose of COVID vaccines to trick mobile subscribers into downloading malware that compromises the security of the device and configures the system to allow for the exfiltration of confidential information to systems controlled by the attacker(s). 


The malware has been given the moniker TangleBot because of its many levels of obfuscation and control over a myriad of entangled device functions, including contacts, SMS and phone capabilities, call logs, internet access, and camera and microphone.

TangleBot can overlay banking or financial apps, directly steal the victim’s account credentials, and use the victim’s device to message other mobile devices, spreading throughout the mobile network. Researchers say the capabilities also enable the theft of considerable personal information directly from the device and, through the camera and microphone, spying on the victim.


Harvesting of personal information and credentials in this manner is exceptionally troublesome for mobile users because there is a growing market on the dark web for detailed personal and account data, Cloudmark says. Even if the user discovers the TangleBot malware installed on their device and can remove it, the attacker may not use the stolen information for some time, rendering the victim oblivious of the theft.


Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company, explains, “Tanglebot is the latest in a constant stream of malicious mobile apps that target individuals with social engineering and convince targets to download malware. Malware like this, which is broadly applicable, is usually blasted out en masse to mobile users through messaging platforms like SMS, third-party messaging apps, and social media. Earlier this year, FluBot ran rampant across Europe. It was delivered through SMS and posed as a parcel delivery alert, only to ask the victim to download an app that’s laced with this dangerous banking trojan.


Campaigns like this are often built with artifacts of previously-used malware. Leveraging a security solution with massive data supporting it is key to keeping ahead of these types of malicious campaigns. Thanks to its dataset of security telemetry from over 200 million devices and 150 million mobile apps, the Lookout Security Graph automatically detected this malware as Medusa and pushed coverage to Lookout customers without anyone needing to lift a finger. 


Social engineering that uses the pandemic as a lure continues to be a major issue globally. At the start of the pandemic, between Q4 of 2019 and Q1 of 2020, Lookout data shows a 30% jump of both enterprise and consumer users that encountered at least one phishing link. Upon further investigation, most of the phishing links being used at that time had something to do with the pandemic. It’s advantageous for attackers to leverage socially uncertain situations to make their phishing campaigns more effective. People are more likely to let their guard down and interact with something online that promises information they need. For example, at the start of the pandemic, lots of attacks used lures around closures, government aid, and contact tracing to trick people into downloading malware or giving up login credentials for sensitive data. 


Now, a year later, Lookout data shows a 55% increase in mobile phishing exposure from Q4 of 2020 to the entire first half of 2021. Attackers are coming full circle and using the same tactics with slightly different lures in order to spread malware. Now, there are messages around vaccines, the Delta variant, and re-opening information that attackers know their targets crave. 

Phishing, especially on mobile, is a massive headache for enterprise security teams. Mobile devices offer countless channels for attackers to deliver socially engineered phishing campaigns to swipe corporate login credentials or install advanced malware that can exfiltrate sensitive data from the device. For organizations that allow employees to use personal devices for work in a BYOD model, the risk is even higher considering the number of individual apps people use. Attackers can deliver campaigns through SMS, social media, third-party messaging apps, gaming and even dating apps.


While IT and security teams know this is a challenge, they often have difficulty solving the problem because they need to secure both personal and work-enabled devices without violating end-user privacy. With personal privacy at the top of everyone’s mind, organizations need to leverage security solutions to protect both managed and unmanaged devices without violating employee privacy. 


Attackers also primarily use mobile phishing as a jumping-off point. Once they’ve stolen login credentials, they’re free to log in from any device. They’ll often hop over to their laptops and try to log into many standard cloud-based services such as Google Workspace, Office 365, AWS, Workday, or Salesforce with that employee’s compromised credentials. Once they’re inside the infrastructure, the attacker can move laterally and start to find out where the crown jewels are hidden. From there, they can encrypt that data to execute a ransomware attack or exfiltrate it for sale on the dark web. This attack chain is why organizations need to have visibility and access control for users, their devices, the apps they want to access, and the data stored within them. 


To keep ahead of attackers who want to leverage this attack chain, organizations everywhere should implement security across mobile devices with mobile threat defense (MTD), protect cloud services with cloud access security broker (CASB), and implement modern security policies on their on-prem or private apps with Zero Trust Network Access (ZTNA). A security platform that can combine MTD, CASB, and ZTNA in one endpoint-to-cloud solution that also respects end-user privacy regardless of the type of device they’re on is a crucial part of implementing zero trust across the infrastructure and keeping ahead of the latest cybersecurity threats.”

KEYWORDS: cyber security information security malware mobile security risk management

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing