Threat actors regularly use current events to try and make phishing attacks and scams look more legitimate. COVID-19 is no exception. Several threat actors have tried to capitalize on the pandemic. Threat researchers have discovered a new phishing campaign targeting American and Canadian victims with SMS text messages regarding COVID-19 vaccines containing malicious links. The messages act as a notification for a third COVID vaccine and contain a link to confirm the appointment. That link launches malware named TangleBot that infects a user device to collect call data, microphone, and camera access. Not all the messages are about the vaccine, however. Others are sent with a message stating “new COVID regulations in your region.” Both messages contain a link that launches a website and notifies users to update their Adobe Flash player. Once clicked on, the malware is downloaded onto the phone and threat actors are then able to install device observation capabilities. This allows threat actors to steal login credentials, banking information, text messages, and any other sensitive information a victim may access on their phone.
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is