

Phone Scammers Use COVID-19 Vaccine Appointments To Try Tricking Victims Into Downloading Malware

Threat actors regularly use current events to try to make phishing attacks and scams look more legitimate, and COVID-19 is no exception: several threat actors have tried to capitalize on the pandemic. Threat researchers have discovered a new phishing campaign targeting American and Canadian victims with SMS text messages about COVID-19 vaccines that contain malicious links. The messages pose as a notification for a third COVID vaccine and contain a link to confirm the appointment. That link launches malware named TangleBot, which infects the user's device to collect call data and gain microphone and camera access. Not all the messages are about the vaccine, however. Others are sent with a message stating “new COVID regulations in your region.” Both messages contain a link that launches a website and notifies users to update their Adobe Flash player. Once the user clicks on it, the malware is downloaded onto the phone and threat actors are then able to install device observation capabilities. This allows threat actors to steal login credentials, banking information, text messages, and any other sensitive information a victim may access on their phone.

Analyst Notes

Currently, third doses of the COVID vaccines are available for certain higher-risk individuals but have not yet been made available to the general public. Even when they are available, organizations generally do not automatically schedule and notify patients. Be wary of any notification regarding COVID-19 sent directly to your phone. Always check sources before clicking on any links, and do not open any links or documents from an unknown sender. Individuals should verify any appointment reminders with their medical institution by contacting them directly. Check official government websites for national and local updates regarding COVID-19 regulations.
