TangleBot Android Malware Photo: HackRead

Cybercrime: NCC alerts telecoms consumers to new TangleBot SMS-based Android malware

*The Nigerian Communications Commission urges millions of Nigerian telecoms consumers to be wary of tactics of cybercriminals intent on defrauding unsuspecting Internet users, as the ngCERT offers a number of preventive measures against attacks

Gbenga Kayode | ConsumerConnect

As part of the telecoms sector regulatory Commission’s commitment to consumer protection in the country’s ecosystem, the Nigerian Communications Commission (NCC) says it has been informed of a new high-risk, critical and Short Messaging Service (SMS)-based malware tagged, TangleBot, infecting Android mobile devices.

ConsumerConnect reports the NCC noted TangleBot employs more or less similar tactics as the recently-announced notorious FlutBot SMS Android malware that targets mobile devices.

TangleBot, according to the Commission, equally gains control of the device but in far more invasive manner than the FlutBot malware.

RELATED Cybersecurity: NCC-CSIRT Identifies 2 Cyber Vulnerabilities, Offers Measures For Consumer Protection

The SMS links are only malicious via Android mobile devices, and have also been sent to telecoms consumers in the United States (US) and Canada respectively, according to report.

Dr. Ikechukwu Adinde, Director of Public Affairs at NCC, Saturday, January 29, 2022, stated the Nigerian Computer Emergency Response Team (ngCERT) made the disclosure on TangleBot in a recent security advisory made available to the Commission’s New Media and Information Security Department.

How TangleBot Android malware works

The NCC said: “TangleBot Android malware is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information in an SMS message or information about fake local power outages that are due to occur.

READ ALSO Cybercrime: NCC Alerts Consumers To New ‘AbstractEmu’ Malware Attacking Android Devices

“The aim behind both or either of the messages (on COVID-19 or impending power outages) is to encourage potential victims to follow a link that supposedly offers detailed information.”

The Commission also noted once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content by going through nine dialogue boxes to give acceptance to different permissions that will allow the malware operators initiate the malware configuration process.

The immediate consequence to this, NCC stated, is that TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications.

RELATED: Danbatta Restates NCC’s Commitment To Broadband, Consumer Protection, Digital Economy

According to the telecoms sector regulator, the malware then, steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things.

The malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system, said the Commission.

ngCERT offers preventive measures against cyberattacks

The Commission further said in order to ensure maximum protection for Internet users in the country, the ngCERT has offered a number of preventive measures to be taken by the consumers.

These measures, it stated, include an advisory to telecoms consumers and other Internet users to refrain from opening Uniform Resource Locators (URLs) from unknown sources while using your mobile devices.

READ ALSO: Telecoms Regulator’s Central Mandate Is To Ensure Consumer Protection ─NCC

Additionally, telecoms consumers should never respond or send reply to messages or call back a phone number that is associated with the text that they are unaware of.

Should any telecoms consumers or Internet users become curious and wish to ascertain the authenticity of any call or messages and wish to probe the incident,  such persons may do a Web search of both the number and the message content.

“The NCC hereby reiterates that mobile users are under obligation to practice safe messaging practices and avoid clicking on any links in texts, even if they appear to come from a legitimate contact.

Indeed, it is important to be judicious when downloading apps by reading install prompts closely, looking out for information regarding rights  and privileges that the app may request,” said the NCC.

It noted other risk-mitigating measures advised by ngCERT are for users to be cautious of procuring any software from outside a certified app store.

RELATED: NCC Commissions Incident Response Facility For Cybersecurity In Abuja

The telecoms regulator as well stated that it is safer to call the company directly rather than using the phone number on the message received, especially if the message is spoofing a company.

The NCC urges telecoms consumers and other Internet users to report any incident of system compromise to ngCERT via incident@cert.gov.ng for necessary support and technical assistance.

Dr. Adinde said the NCC, therefore, wishes to urge millions of telecoms consumers in Nigeria to be wary of such wiles of cybercriminals, whose intent is to defraud unsuspecting Internet users in the country.

The Commission expresses its commitment to continuously informing and educating mobile telephony subscribers and Internet users in Nigeria, on cyber risks, however they may manifest.

“This is to insulate them from the dangers and losses arising from cybercrimes of any kind,” added the Commission.

Kindly Share This Story