TangleBot is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. TangleBot has used SMS text message lures about COVID-19 regulations and vaccines to trick mobile users into downloading the malware, similar to FluBot Android malware campaigns.[1]

ID: S1069
Platforms: Android
Version: 1.0
Created: 28 February 2023
Last Modified: 01 March 2023

Techniques Used

Domain ID Name Use
Mobile T1429 Audio Capture

TangleBot can record audio using the device microphone.[1]

Mobile T1616 Call Control

TangleBot can make and block phone calls.[1]

Mobile T1533 Data from Local System

TangleBot can request permission to view files and media.[1]

Mobile T1417.002 Input Capture: GUI Input Capture

TangleBot can use overlays to cover legitimate applications or screens.[1]

Mobile T1430 Location Tracking

TangleBot can request location permissions.[1]

Mobile T1636.002 Protected User Data: Call Log

TangleBot can request permission to view call logs.[1]

Mobile T1636.003 Protected User Data: Contact List

TangleBot can request permission to view device contacts.[1]

Mobile T1636.004 Protected User Data: SMS Messages

TangleBot can read incoming text messages.[1]

Mobile T1513 Screen Capture

TangleBot can record the screen and stream the data off the device.[1]

Mobile T1582 SMS Control

TangleBot can send text messages.[1]

Mobile T1418 Software Discovery

TangleBot can obtain a list of installed applications.[1]

Mobile T1512 Video Capture

TangleBot can record video from the device camera.[1]