Tag: Android

New Android malware targetting with fake COVID-19 information

29. October 2021

Last month, TechRepublic reported a new and devious SMS malware called TangleBot that attempts to take control of mobile devices by sending notifications about COVID-19. Currently, it targets Android users in the USA and Canada and can lead to a variety of harmful activities, according to security firm Cloudmark.

TangleBot tries to deceive users into downloading the malware through fake messages about COVID-19, such as “New regulations about COVID-19 in your region. Read here…” or “You have received the appointment for the 3rd dose. For more information, visit…”.

The link contains a notice that the Adobe Flash Player on the affected device needs to be updated but leads to the installation of the malicious software instead. As a result, TangleBot gets permission to access and control a wide range of functions and content. It is assumed that for this reason, the malware was named TangleBot.

TangleBot has the ability to make and block phone calls as well as send, obtain and process text messages. It is used to message other devices in order to spread faster among others. The malware is also designed to spy on users through accessing the camera, screen or microphone and setting up additional methods to observe activity on the device. Of particular concern is the possibility to place overlay screens on the device covering legitimate apps, such as banking or financial apps, in an attempt to steal account credentials. Furthermore, the personal data stolen by the attacker usually moves to the dark web for sale, which poses a risk even if the victim manages to remove the malware.

Hank Schless, senior manager for security solutions at security firm Lookout, pointed out the dangers of cybercriminals exploiting the pandemic:

Social engineering that uses the pandemic as a lure continues to be a major issue globally. It’s advantageous for attackers to leverage socially uncertain situations in order to make their phishing campaigns more effective. People are more likely to let their guard down and interact with something online that promises information they need.

According to Schless, the risks exist not only for private individuals, but also for companies:

Mobile devices offer countless channels for attackers to deliver socially engineered phishing campaigns with the goal of swiping corporate login credentials or installing advanced malware that can exfiltrate sensitive data from the device. For organizations that allow employees to use personal devices for work in a BYOD model, the risk is even higher considering the number of personal apps people use. Attackers can deliver campaigns through SMS, social media, third-party messaging apps, gaming and even dating apps.

Additionally, Cloudmark advised that users should be vigilant in this regard and provided several tips to protect against SMS malware:

  • Look out for suspicious text messages,
  • Guard your mobile number,
  • Access any linked website directly,
  • Report SMS phishing and spam messages,
  • Be cautious when installing apps to your device,
  • Avoid responding to unsolicited texts,
  • Install apps only from legitimate app stores.

To keep ahead of the latest cybersecurity threats, companies should also take some precautions. These include especially the implementation of security across mobile devices, protection of cloud services and raising awareness among own employees.

Android apps share sensitive information with Facebook

14. December 2018

According to the German information portal mobilsicher.de, about 30 % of all Android apps contact Facebook as soon as you start them. This also includes apps that are directly related to religion, sexual orientation or health. The user has usually no idea of this connection.

Mobilsicher.de tested out several Android app versions, which were available in the Play-Store on November 29, 2018. For example the Apps of the German political parties CDU and SPD.

App developers integrate so-called Software Development Kits (SDK) into their apps because they include the helpful “Facebook Analytics” function. This function provides the app operator with information on how users use the app. Facebook, on the other hand, receive the user’s advertising ID, which is individually assigned to each smartphone and, if available, can link this ID to the corresponding Facebook account. This leads to the fact that someone who has downloaded for example a pregnancy guide app now getting ads for baby clothes displayed on Facebook.

Facebook accesses user data even if they do not have a Facebook account at all. Upon request, the company confirmed that it is not clear to the user which data is transferred to Facebook. A tool called “Clear History”, announced by Mark Zuckerberg in May 2018, which should help this lack of transparency, is still not available.

Facebook itself does not consider this type of collecting data a problem, as users would have the option of opting out of personalized advertising and deactivating it either on their smartphone or in their Facebook account.

„If a person utilizes one of these controls, then Facebook will not use data gathered on these third-party apps (e.g. through Facebook Audience Network), for ad targeting”, the company replied to the question of whether the information would be deleted after the transfer. If someone decides against personalized advertising, Facebook still transfers the data, but with a corresponding note. Nevertheless, the user’s data will be collected.