TangleBot

TangleBot is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. TangleBot has used SMS text message lures about COVID-19 regulations and vaccines to trick mobile users into downloading the malware, similar to FluBot Android malware campaigns.^[1]

ID: S1069

ⓘ

Type: MALWARE

ⓘ

Platforms: Android

Version: 1.0

Created: 28 February 2023

Last Modified: 01 March 2023

Version Permalink

Live Version

Techniques Used

Domain	ID		Name	Use
Mobile	T1429		Audio Capture	TangleBot can record audio using the device microphone.^[1]
Mobile	T1616		Call Control	TangleBot can make and block phone calls.^[1]
Mobile	T1533		Data from Local System	TangleBot can request permission to view files and media.^[1]
Mobile	T1417	.002	Input Capture: GUI Input Capture	TangleBot can use overlays to cover legitimate applications or screens.^[1]
Mobile	T1430		Location Tracking	TangleBot can request location permissions.^[1]
Mobile	T1636	.002	Protected User Data: Call Log	TangleBot can request permission to view call logs.^[1]
		.003	Protected User Data: Contact List	TangleBot can request permission to view device contacts.^[1]
		.004	Protected User Data: SMS Messages	TangleBot can read incoming text messages.^[1]
Mobile	T1513		Screen Capture	TangleBot can record the screen and stream the data off the device.^[1]
Mobile	T1582		SMS Control	TangleBot can send text messages.^[1]
Mobile	T1418		Software Discovery	TangleBot can obtain a list of installed applications.^[1]
Mobile	T1512		Video Capture	TangleBot can record video from the device camera.^[1]

References

Felipe Naves, Andrew Conway, W. Stuart Jones, Adam McNeil . (2021, September 23). TangleBot: New Advanced SMS Malware Targets Mobile Users Across U.S. and Canada with COVID-19 Lures. Retrieved February 28, 2023.

TangleBot

Mobile Layer

Techniques Used

References