Hackers are targeting American and Canadian victims with a malware strain that used coronavirus-themed messages to dupe users into downloading software that collects their personal information, according to findings published Thursday.
The scammers, whose identities are unknown, rely on SMS text messages focused on fictional COVID-19 regulations and vaccine information to trick recipients into clicking a link. That link triggers a malicious software — dubbed tanglebot — that infects a user device to collect call data, microphone and camera access and can be combined with other hacking tools to gather financial data.
The latest research from Cloudmark, a subsidiary of the email security firm Proofpoint, comes amid ongoing revelations about the ways that attackers have weaponized mobile technology to gather information about unwitting users. Some 85% of Americans now own smartphones, up from 35% in 2011, and increasingly trust the devices to communicate and browse the internet in a way that once was exclusive to desktop computers.
The TangleBot news follows Kaspersky researchers announcing that they’d uncovered an apparent WhatsApp modification feature that actually intercepted user text messages and forced them into paid subscriptions. Multiple governments, meanwhile, have enlisted spyware built by the Israeli surveillance vendor NSO Group to target