Tag: Phishing

New Android malware targetting with fake COVID-19 information

29. October 2021

Last month, TechRepublic reported a new and devious SMS malware called TangleBot that attempts to take control of mobile devices by sending notifications about COVID-19. Currently, it targets Android users in the USA and Canada and can lead to a variety of harmful activities, according to security firm Cloudmark.

TangleBot tries to deceive users into downloading the malware through fake messages about COVID-19, such as “New regulations about COVID-19 in your region. Read here…” or “You have received the appointment for the 3rd dose. For more information, visit…”.

The link contains a notice that the Adobe Flash Player on the affected device needs to be updated but leads to the installation of the malicious software instead. As a result, TangleBot gets permission to access and control a wide range of functions and content. It is assumed that for this reason, the malware was named TangleBot.

TangleBot has the ability to make and block phone calls as well as send, obtain and process text messages. It is used to message other devices in order to spread faster among others. The malware is also designed to spy on users through accessing the camera, screen or microphone and setting up additional methods to observe activity on the device. Of particular concern is the possibility to place overlay screens on the device covering legitimate apps, such as banking or financial apps, in an attempt to steal account credentials. Furthermore, the personal data stolen by the attacker usually moves to the dark web for sale, which poses a risk even if the victim manages to remove the malware.

Hank Schless, senior manager for security solutions at security firm Lookout, pointed out the dangers of cybercriminals exploiting the pandemic:

Social engineering that uses the pandemic as a lure continues to be a major issue globally. It’s advantageous for attackers to leverage socially uncertain situations in order to make their phishing campaigns more effective. People are more likely to let their guard down and interact with something online that promises information they need.

According to Schless, the risks exist not only for private individuals, but also for companies:

Mobile devices offer countless channels for attackers to deliver socially engineered phishing campaigns with the goal of swiping corporate login credentials or installing advanced malware that can exfiltrate sensitive data from the device. For organizations that allow employees to use personal devices for work in a BYOD model, the risk is even higher considering the number of personal apps people use. Attackers can deliver campaigns through SMS, social media, third-party messaging apps, gaming and even dating apps.

Additionally, Cloudmark advised that users should be vigilant in this regard and provided several tips to protect against SMS malware:

  • Look out for suspicious text messages,
  • Guard your mobile number,
  • Access any linked website directly,
  • Report SMS phishing and spam messages,
  • Be cautious when installing apps to your device,
  • Avoid responding to unsolicited texts,
  • Install apps only from legitimate app stores.

To keep ahead of the latest cybersecurity threats, companies should also take some precautions. These include especially the implementation of security across mobile devices, protection of cloud services and raising awareness among own employees.

Officers’ data leaked in Poland

28. May 2021

The Polish Personal Data Protection Office (UODO) has received a notification of a data breach involving the disclosure of personal data of uniformed services officers. The case is currently being analyzed and supplemented with additional materials and information that shall clarify all its circumstances.

The data controller also notified other authorities about the incident. Among these are the police, the Governmental Computer Security Incident Response Team (CSIRT NASK) and the National Public Prosecutor’s Office. The controller informed UODO that the individuals whose data was subject to the breach would be notified individually through the officers’ home units. Nevertheless, many aspects are still unclear. Therefore, in the course of the investigation, UODO sent a letter to the data controller asking for explanations related to the data breach. Any further action will depend on the information provided by the data controller.

As a result of this situation, UODO emphasises that there is a risk associated with the possibility of unauthorized use of the officers’ personal data, which may involve tangible harm to them. Such activity may include (identity) fraud and invasion of privacy.

In this respect, UODO reminds what actions should be taken to minimize the negative consequences of such a breach. First of all, one should be very careful when providing data via the Internet. Furthermore, it is important to carefully analyse all content included e.g. in SMS messages or e-mails in order to avoid phishing attacks in particular, the aim of which is to obtain additional personal data. In this connection, materials were provided by UODO with further tips on how to reduce the risk of identity theft.