The Nigerian Communications Commission (NCC) has again been informed of a new high-risk, critical and Short Messaging Service-based malware, TangleBot, which infects Android mobile devices.
A statement by the Director, Public Affairs, Dr. Ikechukwu Adinde indicates that TangleBot employs more or less similar tactics as the recently-announced notorious FlutBot SMS Android malware that targets mobile devices; stressing that TangleBot equally gains control of the device but in a far more invasive manner than the FlutBot malware.
The disclosure on TangleBot, the statement says was made in a recent security advisory made available to the Commission’s New Media and Information Security Department by the Nigerian Computer Emergency Response Team (ngCERT).
While noting that TangleBot Android malware is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about fake local power outages that are due to occur; it reveals that the immediate consequence is that TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications; The malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.
Telecom consumers and other Internet users are advised to refrain from opening Uniform Resource Locators (URLs) from unknown sources while using their mobile devices and should never respond or send a reply to messages or call back a phone number that is associated with the text that they are unaware of; the statement added