1. Home
  2. Software
  3. TangleBot

TangleBot

TangleBot is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. TangleBot has used SMS text message lures about COVID-19 regulations and vaccines to trick mobile users into downloading the malware, similar to FluBot Android malware campaigns.[1]

ID: S1069
Type: MALWARE
Platforms: Android
Version: 1.0
Created: 28 February 2023
Last Modified: 01 March 2023
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1429 Audio Capture

TangleBot can record audio using the device microphone.[1]
Mobile T1616 Call Control

TangleBot can make and block phone calls.[1]
Mobile T1533 Data from Local System

TangleBot can request permission to view files and media.[1]
Mobile T1417 .002 Input Capture: GUI Input Capture

TangleBot can use overlays to cover legitimate applications or screens.[1]
Mobile T1430 Location Tracking

TangleBot can request location permissions.[1]
Mobile T1636 .002 Protected User Data: Call Log

TangleBot can request permission to view call logs.[1]
.003 Protected User Data: Contact List

TangleBot can request permission to view device contacts.[1]
.004 Protected User Data: SMS Messages

TangleBot can read incoming text messages.[1]
Mobile T1513 Screen Capture

TangleBot can record the screen and stream the data off the device.[1]
Mobile T1582 SMS Control

TangleBot can send text messages.[1]
Mobile T1418 Software Discovery

TangleBot can obtain a list of installed applications.[1]
Mobile T1512 Video Capture

TangleBot can record video from the device camera.[1]

References

  1. Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.