This Trojan is capable of taking any kind of permission from your mobile phone, even impersonating you due to its advanced biometric voice identification capabilities.
Android mobile phones are among the most popular in the world due to the large number of devices that carry this operating system, which makes cybercriminals focus most of their attacks on these phones using social engineering and fear to try to download the defense of the common sense of the user.
A few days ago we collected the operation of FluBot, a malware that scares you to infect your Android phone, and now researchers from Proofpoint have discovered a new malware in the form of a Trojan called TangleBot which is capable of hijacking practically all the functionalities of your phone.
Although at the moment this malware is being seen in the United States and Canada, it cannot be ruled out that it will also end up spreading to Europe, so you have to be very careful.
Its operation is very similar to other Trojans and is done through sending SMS messages disguising themselves as COVID-19 regulations and especially of the vaccination booster doses where the user is supposedly summoned.
It can also be disguised as messages related to power outages in a particular area that affects the user but, in both cases, they urge you to click on a link.
If the user clicks on the link, they will be taken to a web page where they will be asked to install an Adobe Flash update. Remember that Adobe stopped its support for Flash in December 2020.
If the user is not very attentive to the situation and can be in a hurry, he will end up installing this update that will introduce the Trojan on the phone.
And is that this Trojan can completely infiltrate our device controlling microphone audio, camera video, you can access all our browser history, access password collection, extract data from SMS activity, you can modify any phone configuration settings and even view our GPS location data.
Practically, the TangleBot Trojan offers full surveillance capabilities, being of particular concern the keylogger because it will know exactly each of your passwords.
Another worrying aspect is that the Trojan has the ability to make calls without your consent, which could charge your phone bill with calls to premium services.
Another aspect that makes this Trojan very advanced compared to others, are its biometric voice identification capabilities They could impersonate the victim for any type of two-step authentication of banking services.
As we have said on several occasions, common sense is the main antivirus that we can use, and that is that we should never click on SMS links or emails that we receive, and try to carry out any type of management by manually accessing the portal or service in which we are registered.