NCC warns against new SMS-based Android Malware, TangleBot, unleashed by Cybercriminals

January 29, 2022
201 Views

Spread the love

NCC warns against new SMS-based Android Malware, TangleBot, unleashed by Cybercriminals.

The Nigerian Communications Commission (NCC), has warned the public against a new high-risk, critical and Short Messaging Service-based malware, TangleBot, infecting Android mobile devices.

Dr Ikechukwu Adinde, Director of Public Affairs (DPA), NCC, made this known in a statement on Saturday in Abuja

Adinde noted that TangleBot employs more or less similar tactics as the recently-announced notorious FlutBot SMS Android malware that targets mobile devices.

He said that TangleBot equally gains control of the device but in far more invasive manner than the FlutBot malware.

Malware, otherwise called malicious software, is any programme or file that is intentionally harmful to a computer, network or server.

He said that the disclosure on TangleBot was made in a recent security advisory made available to the Commission’s New Media and Information Security Department by the Nigerian Computer Emergency Response Team (ngCERT).

“TangleBot Android malware is installed when an unsuspecting user clicks on a malicious link disguised as COVID-19 vaccination appointment-related information.

“This can be in an SMS message or information about fake local power outages that are due to occur.

“The aim behind both or either of the messages on COVID-19 or impending power outages is to encourage potential victims to follow a link that supposedly offers detailed information.

“Once at the page, users are asked to update applications such as Adobe Flash Player to view the page’s content.

“By going through nine nine dialogue boxes to give acceptance to different permissions that will allow the malware operators initiate the malware configuration process.

He said that the immediate consequence to this is that TangleBot would gain access to several different permissions when installed on a device, allowing it to eavesdrop on user communications.

He explained that the malware then steals sensitive data stored on the device and monitors almost every activity, including camera use, audio conversations, and location, among other things.

The DPA, however, said that the malware takes complete control of the targeted device, including access to banking data, and can reach the deepest recesses of the Android operating system.

He urged millions of telecom consumers in Nigeria to be wary of such wiles of cyber criminals, whose intent would defraud unsuspecting internet users.

In order to ensure maximum protection for internet users in the country, Adinde said that the ngCERT has offered a number of preventive measures to be taken by the consumers.

He informed that the measures include an advisory to telecom consumers and other internet users to refrain from opening Uniform Resource Locators (URLs) from unknown sources while using your mobile devices.

“Telecom consumers should never respond or send reply to messages or call back a phone number that is associated with the text that they are unaware of.

“Should any telecom consumer become curious and wish to ascertain the authenticity of any call or messages and wish to probe the incident, such persons may do a web search of both the number and the message content.

“The NCC hereby reiterates that mobile users are under obligation to practice safe messaging practices and avoid clicking on any links in texts, even if they appear to come from a legitimate contact.

“It is important to be judicious when downloading apps by reading install prompts closely, looking out for information regarding rights and privileges that the app may request,” he said.

He said other risk-mitigating measures advised by ngCERT is for users to be cautious of procuring any software from outside a certified app store.

“It is safer to call the company directly rather than using the phone number on the message received, especially if the message is spoofing a company.

“Telecom consumers and other internet users should report any incident of system compromise to ngCERT via [email protected] for necessary support and technical assistance.

“The Commission expresses its commitment to continuously inform and educate mobile telephony subscribers and internet users in Nigeria, on cyber risks, however they may manifest.

“This is to insulate them from the dangers and losses arising from cybercrimes of any kind,” he said.

You may be interested

‘It Was A Fair Result’ — Troost-Ekong Reacts To Super Eagles Stalemate Vs Benin Republic
Sports
3 views
Sports
3 views

‘It Was A Fair Result’ — Troost-Ekong Reacts To Super Eagles Stalemate Vs Benin Republic

Webby - November 15, 2024

Super Eagles captain William Troost-Ekong claimed the Super Eagles deserved a point from their 2025 Africa Cup of Nations qualifying…

Sports
1 views

Dikko Vows Full NSC Support For Nigerian Teams’ Continental Success

Webby - November 15, 2024

National Sports Commission (NSC) Chairman, Shehu Dikko, has pledged the Commission’s commitment to support all Nigerian sports teams competing on…

Super Eagles Goalkeeper Nwabali Loses Father
Sports
1 views
Sports
1 views

Super Eagles Goalkeeper Nwabali Loses Father

Webby - November 15, 2024

Super Eagles goalkeeper, Stanley Nwabali, has lost his father.Nwabali announced the death of his father on Instagram on Friday, November…

Leave a Comment

Your email address will not be published.