If You're an Android User, Don't Click on This Text Message
This could leave your phone vulnerable to hackers.
It may seem like the tech world is dominated by Apple, but Android actually controls 73 percent of the world's mobile market, making it the most used smartphone company globally. Though Android may be king size-wise, the cybersecurity experts at NordVPN say Androids are more susceptible to security flaws. While the company claims it has been working to button up security, hackers have found ways to bypass it—and now, experts say if you use an Android phone, you should be wary of a new text message scam related to COVID.
If you're an Android user and you get one of these two text messages about COVID, don't click on it.
Android users are getting targeted by a new malware known as "TangleBot," according to the mobile and email security company Cloudmark. As CBS News reported on Sept. 23, TangleBot is being sent to Android users in the U.S. and Canada by one of two text messages: one message claims to have the latest COVID guidance for their area, while the other informs them that their third vaccine dose has been scheduled, and both include a link.
Neither of these messages are valid, and if a user clicks on the link attached to the texts, they will be prompted to update their phone's Adobe Flash Player. However, the "update" will instead download the malware onto your Android.
"They are using incredibly fresh lures that all map to the sorts of things that we're hearing about in the news with COVID, whether we are talking about the booster or other things that you are likely to see on the front page of whatever news site you go to," Ryan Kalember, the executive vice president of cybersecurity at Cloudmark's parent company ProofPoint, told CBS News.
If this malware gets downloaded onto your phone, your information may be compromised.
If you accidentally download the TangleBot malware to your phone, scammers can become privy to a lot of your stored information. "The TangleBot malware can do a ton of different things," Kalember said. "It can access your microphone, it can access your camera, it can access SMS, it can access your call logs, your internet, [and] your GPS so it knows where you are."
Fortunately, users are typically warned by their phone before they attempt to download the malware. According to CBS News, Android users are warned about the dangers of downloading software from "unknown sources" and a series of permission boxes are displayed before your phone is infected with TangleBot.
And for more safety news and tips sent right to your inbox, sign up for our daily newsletter.
Unfortunately, you likely won't realize the malware is on your phone once it's downloaded.
Once the malware is on your phone, it's practically unrecognizable since Tanglebot has the capability of showing hacked users an overlay screen that looks like what they're used to seeing, while a fake window is being run by hackers to steal your information, according to Kalember.
For instance, you might think you are logging onto your mobile banking site, but you could actually be typing your information onto a hidden screen that is being monitored by hackers. "I would hope that [users] would remember the Adobe Flash prompt but after that, they probably won't see very much from TangleBot," Kalember told CBS News. "Like most pieces of mobile malware, it is relatively stealthy in terms of its appearance."
The malware can be hard to remove from your Android.
According to Cloudmark, hackers have been using TangleBot for weeks now, so they predict its reach could be "very widespread" at this point. And once the malware is installed on a device, "it is pretty hard to remove it," Kalember warned.
Cloudmark is advising users not to respond to any unsolicited commercial messages and refrain from clicking on any link provided in text messages, as hackers are "increasingly using mobile messaging" to attack smartphone users. "[It's] exploiting the user's vulnerability," Kalember told CBS News. "You are basically being tricked into installing the attacker's code."