To infect Android devices, malware disguises itself as a COVID-19 vaccination appointment SMS.

A new Android malware infection disguised as a COVID-19 vaccination appointment message has been discovered. It then takes complete control of the infected devices, taking data such as the victims’ passwords and banking information.

The software, dubbed Tanglebot, is said to be able to follow a user’s whereabouts once their device has been infected.

By hijacking a user’s camera and secretly listening through their device’s microphone, it may also monitor and record their behaviour.

Tanglebot was first discovered in September and is aimed at people in the United States and Canada. According to ZDNet, it uses the SMS platform to infiltrate Android smartphones.

The malware preys on naive users by posing as a text message containing COVID-19 vaccination information. It entices the recipient to click on the link provided in the SMS to learn more.

When a user falls for the trap, they are directed to a page where they must upgrade Adobe Flash Player. Because many individuals are unaware that Adobe hasn’t supported mobile devices since 2012 and hasn’t supported Flash since 2020, many users blindly accept the ostensible upgrade.

Several conversation boxes show on the screen during the installation process, asking the Android user to accept agreements and grant the app particular permissions. One of the conversation windows asks for permission to give Adobe Flash Player complete authority over the device.

However, the user is unaware that by granting such permission, they are effectively granting thieves full access to their Android smartphone. At this moment, hackers have access to a wide range of surveillance and data collection tools, allowing them to monitor and steal information from users.

Many Android users are vulnerable to malware attacks, according to Proofpoint, because they continue to download apps from unknown sources despite receiving several security warnings on their smartphones. It’s the same kind of activity that placed so many people at danger during the recent Flubot outbreak.

Because hackers are increasingly using mobile messaging as a method of attack, users should avoid replying to unsolicited commercial messages and be cautious about sharing their contact information with commercial organisations. They should also avoid clicking on any link included in text messages and be vigilant of those that contain warnings or notifications about parcel delivery, software company Cloudmark said as per CBS News.