SMS-Based Malware Infecting Mobile Devices

Mobile Networks and Telephones
Advisory ID:
January 20, 2022


Recently, a notorious SMS-based Android malware called FluBot that targets mobile devices was reported. Now there is another Android malware, called TangleBot, that employs more or less similar tactics to gain control of the device. This malware is reported to be far more invasive than FluBot.

Description & Consequence

TangleBot Android malware is installed when an unsuspecting user clicks on a malicious link in an SMS message. The message is disguised either as COVID-19 vaccination appointment information or as a notice about fake local power outages that are due to occur. The aim of both messages is to encourage potential victims to follow a link that supposedly offers detailed information. Once at the page, users are asked to update an application such as Adobe Flash Player to view the page's content. Doing so takes them through nine (9) dialogue boxes that request acceptance of different permissions, which allows the malware operators to initiate the malware configuration process.

TangleBot gains access to several different permissions when installed on a device, allowing it to eavesdrop on user communications. The malware steals sensitive data stored on the device and monitors almost every user activity, including camera use, audio conversations, and location, among other things. Furthermore, the malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system.


  1. Refrain from opening URLs from unknown sources while using your mobile devices.
  2. Never reply to messages or call back a phone number associated with a text that you do not recognize.
  3. Always do a web search of both the number and the message content when in doubt.
  4. Mobile users should follow safe messaging practices and avoid clicking on any links in texts, even if they appear to come from a legitimate contact.
  5. Mobile users should also be judicious when downloading apps and should read install prompts closely, looking out for information regarding rights and privileges that the app may request.
  6. Mobile users should be wary of procuring any software from outside a certified app store.
  7. If the message is spoofing a company, call the company directly rather than using the phone number on the message.
  8. Report any incident of system compromise to ngCERT on for technical assistance.
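
The advice in items 5 and 6 can also be checked on a device after the fact. The following is an added example, not part of the advisory: it scans text in the style of `adb shell dumpsys package` output and flags apps that were not installed by Google Play and that request several of the capabilities described above (SMS, camera, audio, location). The sample input, package names, permission grouping and threshold are constructed assumptions.

```python
# Permissions behind the capabilities the advisory lists (SMS, camera,
# audio, location). Grouping and threshold are this example's assumptions.
RISKY = {
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "audio",
    "android.permission.ACCESS_FINE_LOCATION": "location",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

# Constructed, simplified excerpt in the style of `adb shell dumpsys package`.
SAMPLE = """\
Package [com.example.flashupdate] (1a2b3c):
    installerPackageName=null
    requested permissions:
      android.permission.READ_SMS
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
      android.permission.ACCESS_FINE_LOCATION: restricted=true
    install permissions:
      android.permission.INTERNET: granted=true
Package [com.example.maps] (4d5e6f):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.ACCESS_FINE_LOCATION
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
"""

def audit(text, min_caps=3):
    """Return {package: sorted capabilities} for apps not installed by a
    trusted store that request at least min_caps risky capabilities."""
    apps, cur, in_req = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Package ["):
            name = line[len("Package ["):line.index("]")]
            cur = apps.setdefault(name, {"inst": "null", "caps": set()})
            in_req = False
        elif cur is None:
            continue
        elif line.startswith("installerPackageName="):
            cur["inst"] = line.split("=", 1)[1]
        elif line.endswith(":"):  # a section header starts or ends the list
            in_req = line == "requested permissions:"
        elif in_req and line.split(":")[0] in RISKY:
            cur["caps"].add(RISKY[line.split(":")[0]])  # requested, not necessarily granted
    return {p: sorted(a["caps"]) for p, a in apps.items()
            if a["inst"] not in TRUSTED_INSTALLERS and len(a["caps"]) >= min_caps}
```

A flagged package is a candidate for review, not a verdict: legitimate sideloaded apps can request the same permissions.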



