Phone scammers use COVID-19 vaccine appointments to try tricking victims into downloading malware
Hackers are targeting American and Canadian victims with a malware strain that used coronavirus-themed messages to dupe users into downloading software that collects their personal information, according to findings published Thursday.
The scammers, whose identities are unknown, rely on SMS text messages focused on fictional COVID-19 regulations and vaccine information to trick recipients into clicking a link. That link triggers a malicious software — dubbed TangleBot — that infects a user device to collect call data, microphone and camera access and can be combined with other hacking tools to gather financial data.
The latest research from Cloudmark, a subsidiary of the email security firm Proofpoint, comes amid ongoing revelations about the ways that attackers have weaponized mobile technology to gather information about unwitting users. Some 85% of Americans now own smartphones, up from 35% in 2011, and increasingly trust the devices to communicate and browse the internet in a way that once was exclusive to desktop computers.
The TangleBot news follows Kaspersky researchers announcing that they’d uncovered an apparent WhatsApp modification feature that actually intercepted user text messages and forced them into paid subscriptions. Multiple governments, meanwhile, have enlisted spyware built by the Israeli surveillance vendor NSO Group to target activists, journalists and political rivals.
While TangleBot appears to function as another tool that scammers use to separate victims from their money, the operators have differentiated themselves by using COVID-19 as a tool to tempt users into falling for the ruse. One message informs recipients about “New regulations about COVID-19 in your region,” while another sends the alert, “You have received the appointment for the 3rd dose.” A malicious link accompanies both messages.
Upon clicking that URL, a website appears to notify the user that their Adobe Flash Player is out of date and must be updated. Clicking on the resulting dialog box, though, results only in downloading malware onto a phone. Hackers then are capable of installing a range of device observation capabilities, such as obtaining text messages or streaming audio and video of a victim’s behavior.
“The ability to detect installed apps, app interactions, and inject overlay screens is extremely problematic,” researchers noted.