Advertisement
Subscribe to our daily newsletter.
Subscribe

Phone scammers use COVID-19 vaccine appointments to try tricking victims into downloading malware

Fictional regulations are also a focus of the latest alerts.

By

(Getty Images)

Hackers are targeting American and Canadian victims with a malware strain that used coronavirus-themed messages to dupe users into downloading software that collects their personal information, according to findings published Thursday.

The scammers, whose identities are unknown, rely on SMS text messages focused on fictional COVID-19 regulations and vaccine information to trick recipients into clicking a link. That link triggers a malicious software — dubbed TangleBot — that infects a user device to collect call data, microphone and camera access and can be combined with other hacking tools to gather financial data.

The latest research from Cloudmark, a subsidiary of the email security firm Proofpoint, comes amid ongoing revelations about the ways that attackers have weaponized mobile technology to gather information about unwitting users. Some 85% of Americans now own smartphones, up from 35% in 2011, and increasingly trust the devices to communicate and browse the internet in a way that once was exclusive to desktop computers.

The TangleBot news follows Kaspersky researchers announcing that they’d uncovered an apparent WhatsApp modification feature that actually intercepted user text messages and forced them into paid subscriptions. Multiple governments, meanwhile, have enlisted spyware built by the Israeli surveillance vendor NSO Group to target activists, journalists and political rivals.

Advertisement

While TangleBot appears to function as another tool that scammers use to separate victims from their money, the operators have differentiated themselves by using COVID-19 as a tool to tempt users into falling for the ruse. One message informs recipients about “New regulations about COVID-19 in your region,” while another sends the alert, “You have received the appointment for the 3rd dose.” A malicious link accompanies both messages.

Upon clicking that URL, a website appears to notify the user that their Adobe Flash Player is out of date and must be updated. Clicking on the resulting dialog box, though, results only in downloading malware onto a phone. Hackers then are capable of installing a range of device observation capabilities, such as obtaining text messages or streaming audio and video of a victim’s behavior.

“The ability to detect installed apps, app interactions, and inject overlay screens is extremely problematic,” researchers noted.

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

In This Story

Advertisement
Advertisement

More Like This

Advertisement

Top Stories

Advertisement

More Scoops

BAY SHORE, NEW YORK – MARCH 03: A medical worker at South Shore University Hospital administers the newly available Johnson & Johnson COVID-19 vaccine to Susan Maxwell-Trumble on March 03, 2021 in Bay Shore, New York. The new vaccine from the American pharmaceutical company is a single shot vaccine that has shown 85 percent protection against severe disease and can be stored at regular refrigeration temperatures. (Photo by Spencer Platt/Getty Images)

Scammers exploit COVID-19 vaccine confusion for fraud efforts

By Tim Starks

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

The logo of the podcast Safe Mode

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics