NCC Warns On Tanglebot, New SMS-Based Android Malware Unleashed By Cybercriminals

Prof. Umar Dambatta, EVC/CEO, NCC

The Nigerian Communications Commission (NCC), again, has been informed of a new high-risk, critical, and Short Messaging Service-based malware, TangleBot, infecting Android mobile devices.

TangleBot employs tactics similar to those of the recently announced FluBot SMS Android malware that targets mobile devices. TangleBot likewise gains control of the device, but in a far more invasive manner than FluBot.

The disclosure on TangleBot was made in a recent security advisory made available to the Commission’s New Media and Information Security Department by the Nigerian Computer Emergency Response Team (ngCERT).

TangleBot Android malware is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about fake local power outages that are due to occur.

The aim of either message (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information. Once at the page, users are asked to update an application such as Adobe Flash Player to view the page’s content, and are taken through nine (9) dialogue boxes in which they accept different permissions that allow the malware operators to initiate the malware configuration process.

The immediate consequence of this is that TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications. The malware then steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.

Furthermore, the malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system.

The NCC, therefore, wishes to, once again, urge millions of telecom consumers in Nigeria to be wary of such wiles of cybercriminals, whose intent is to defraud unsuspecting Internet users.

To ensure maximum protection for Internet users in the country, the ngCERT has offered several preventive measures to be taken by the consumers.

These measures include an advisory to telecom consumers and other Internet users to refrain from opening Uniform Resource Locators (URLs) from unknown sources while using their mobile devices.

Additionally, telecom consumers should never reply to a message, or call back a phone number associated with a text, that they do not recognise. Any telecom consumer or Internet user who is curious and wishes to ascertain the authenticity of a call or message may do a web search of both the number and the message content.

Another risk-mitigating measure advised by ngCERT is for users to be cautious of procuring any software from outside a certified app store. It is also safer to call the company directly rather than using the phone number in the message received, especially if the message is spoofing a company.

In a related development, the Nigerian Communications Commission’s Cyber Security Incident Response Team (NCC-CSIRT) has also identified two cyber vulnerabilities and advised Nigerian telecom consumers on the measures to take to protect themselves from the cyber-attacks.

The CSIRT, in its first-ever security advisories, issued less than three months after its creation, identified the two cyber-attacks targeting consumers and proffered solutions that can help telecom consumers avoid falling victim to the two cyber vulnerabilities.

The first is described as Juice Jacking, which can gain access to consumers’ devices when they charge mobile phones at public charging stations, and it applies to all mobile phones. The other is a Facebook for Android Friend Acceptance Vulnerability, which targets only the Android operating system.

According to CSIRT Security Advisory 0001, released on January 26, 2022, with Juice Jacking, attackers have found a new way to gain unauthorized entry into unsuspecting mobile phone users’ devices when they charge their mobile phones at public charging stations.

However, an attacker can leverage this courtesy to load a payload in the charging station or on the cables they would leave plugged in at the stations.

Once unsuspecting persons plug their phones into the charging station or the cable left by the attacker, the payload is automatically downloaded onto the victim’s phone. This payload then gives the attacker remote access to the mobile phone, allowing them to monitor data transmitted as text, or audio using the microphone. The attacker can even watch the victim in real time if the victim’s camera is not covered. The attacker is also given full access to the gallery and to the phone’s Global Positioning System (GPS) location.

The NCC-CSIRT, however, proffered solutions to this attack, which include using a ‘charging only’ USB cable to avoid a Universal Serial Bus (USB) data connection; using one’s own AC charging adaptor in public spaces; and not granting trust when a portable device prompts for a USB data connection.

Other preventive measures against Juice Jacking include installing antivirus software and always updating it to the latest definitions; keeping mobile devices up to date with the latest patches; using one’s own power bank; keeping the mobile phone off when charging in public places; as well as ensuring use of one’s own charger if one must charge in public.
