TangleBot Poses Harm To Android Users in US and Canada


As hackers continue to take advantage of the recent pandemic, cybersecurity experts have found new SMS phishing (smishing) malware. Dubbed TangleBot, it poses harm to Android users in the US and Canada. The malicious campaign uses text messages with lures about fake COVID-19 rules and vaccination news. It then misleads victims into clicking on a link that can infect their mobile devices with a malicious program. The recently discovered malware strain has been used by hackers to steal sensitive and financial information.


Our Cyber Resilience Experts leverage the latest data analytics algorithms based on the Tactics, Techniques, and Procedures (TTPs) that attackers are known to use, while utilizing Machine Learning, Artificial Intelligence, Behavioral Forensic Artifacts, and Threat Intelligence to detect ongoing or zero-day cyberattacks and Advanced Persistent Threats (APTs) and leveraging the latest IOCs to identify the probability of an enterprise compromise.


How TangleBot Operates

The recently discovered mobile malware tries to mislead Android users into installing malicious software by sending bogus notifications about the recent pandemic to their phones. One of the messages found reads as follows: “New regulations about COVID-19 in your region. Read here.” The goal is also to manipulate people into visiting a website. They are socially engineered into clicking an embedded link that redirects to a bogus site, which then informs visitors that they need an “Adobe Flash update.” If the user agrees by clicking the installation button for the update, TangleBot is installed.

What Kind of Harm Can TangleBot Inflict?

Once present on a mobile device, it begins taking over functions such as accessing the phone book, recording the screen, and activating the device camera and microphone whenever the attacker desires. TangleBot can even get access to online banking apps by overlaying the screen on the user’s device. Later on, the victim’s smartphone will also serve as a device to send the bogus COVID-19 warning to the rest of the world.

TangleBot can fully penetrate a phone if its deception attempt succeeds. Aside from controlling audio and video from the microphone and camera, it can monitor the websites visited. It can also collect entered passwords, extract data from SMS activity, and access any other information stored on the device. Hackers may also give themselves access to change device configuration settings and to see GPS position data. These capabilities enable them to conduct complete surveillance and data-gathering operations on the target.

TangleBot has many important differentiating characteristics that make it particularly dangerous, including sophisticated behaviors, transmission capabilities, and a robust decryption algorithm for obfuscation. In addition to its spyware and keylogging capabilities, the malware can prevent and make phone calls, which creates the potential to call premium service numbers in the future. While this is happening, hackers may use voice biometric recognition capabilities to mimic the victim.

TangleBot is similar to other mobile device attacks in its transmission techniques and themes, such as the FluBot SMS malware that targets the United Kingdom and Europe. It also seems to be closely related to the CovidLock Android ransomware, a type of Android software that promises to offer users a means of locating COVID-19 patients in their immediate surroundings.

How To Stay Safe Against TangleBot

Users should be on the lookout for strange communications and consider carefully before giving their mobile phone numbers to anyone, even businesses. It is also recommended that consumers do not click on a web link given in an SMS from a business unless they are specifically instructed to. Instead, they can use the browser on their smartphone to visit the website directly.

If you discover that your mobile device has been compromised by malware, you may initially uninstall it. However, that only stops the hacker from using the stolen information for the time being, and it may lead you to think that nothing has been compromised. Furthermore, users are urged to report any smishing attempts. Likewise, avoid installing software from sources other than a vendor’s or mobile network operator’s authorized app store.

Preserve the confidentiality of your mobile phone number. Check the implications of providing your mobile phone number to a business or other commercial organization when downloading and installing applications on your smartphone. Always proceed with caution to avoid being caught up in a campaign like TangleBot. When downloading and installing new applications on your mobile device, take the time to read any installation instructions. Carefully examine any requests for permission to access certain kinds of material before proceeding.
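The permission review recommended above can be partly automated. The following is an added example, not code from the original article or from any TangleBot analysis: it reads a decoded AndroidManifest.xml and reports which of the capabilities described in this article the requested permissions would enable. The capability-to-permission mapping, the review threshold, and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumption: standard Android permissions that would enable the capabilities
# the article attributes to TangleBot; not taken from an actual sample.
CAPABILITIES = {
    "phone book": {P + "READ_CONTACTS"},
    "camera/microphone": {P + "CAMERA", P + "RECORD_AUDIO"},
    "SMS read/send": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "phone calls": {P + "CALL_PHONE"},
    "GPS position": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "screen overlay": {P + "SYSTEM_ALERT_WINDOW"},
    "device settings": {P + "WRITE_SETTINGS"},
}

def audit_manifest(manifest_xml, threshold=3):
    """Map requested permissions to capability groups and flag broad requests."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested |= {el.get(ANDROID + "name") for el in root.iter(tag)}
    hits = {cap: sorted(perms & requested)
            for cap, perms in CAPABILITIES.items() if perms & requested}
    return {"package": root.get("package"), "capabilities": hits,
            "needs_review": len(hits) >= threshold}

def _manifest(package, perms):
    # Builds a constructed sample manifest for the demo below.
    lines = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{lines}</manifest>')

# Constructed samples: a fake "Flash update" and a simple camera app.
FAKE_UPDATE = _manifest("com.example.flashupdate",
    ["INTERNET", "READ_CONTACTS", "RECORD_AUDIO", "CAMERA", "READ_SMS",
     "SEND_SMS", "SYSTEM_ALERT_WINDOW", "ACCESS_FINE_LOCATION"])
CAMERA_APP = _manifest("com.example.camera", ["CAMERA", "INTERNET"])

if __name__ == "__main__":
    for sample in (FAKE_UPDATE, CAMERA_APP):
        report = audit_manifest(sample)
        print(report["package"], "REVIEW" if report["needs_review"] else "ok")
        for cap, perms in report["capabilities"].items():
            print("  ", cap, "->", ", ".join(perms))
```

A manifest inside an APK is stored in binary form and has to be decoded to text XML before it can be passed to this function.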

Also refrain from installing any app from unauthorized app stores. Instead, only trust software from a vendor-certified app store or your mobile operator’s app store. Likewise, one of the most effective methods to prevent yourself from becoming a victim is to avoid clicking links sent from unknown numbers.


