SMS-Based Malware Targets Android Devices in Nigeria

Close up of Nigerian Flag Waving in blue skies

Nigeria’s telecom regulator has warned citizens about a high-risk piece of malware called TangleBot, which targets Android devices. The malware enters devices through malicious links sent via SMS disguised as official information, such as COVID-19 vaccination appointments.

Invasive Malware Gains Control of Mobile Devices

The Nigerian Communications Commission (NCC) is the country’s independent telecommunications regulator. It learned about the malware from ngCERT, the Nigerian Computer Emergency Response Team, in a recent security advisory.

NCC said the malware operators aim to trick unsuspecting Nigerians to click on malicious links that appear to offer important information. Apart from COVID vaccination data, some messages claim to offer information on local power outages. When a user clicks on the link, they are taken to a page where they are asked to update Adobe Flash Player in order to view the page.

The user then goes through nine dialogue boxes to give multiple permissions. This allows TangleBot’s operators to configure the malicious software. Once this is complete, the operators can snoop on user communications and exfiltrate stored data. Furthermore, the malicious actors gain access to the device’s camera, audio conversions, location, and so on.

NCC Urges Users to Refrain From Clicking on Sketchy URLs

The NCC added that TangleBot allows operators to steal highly sensitive information, such as banking data. The malware can also reach deep into the Android operating system.

The regulator reminded Nigerians to be aware of such malicious activity. “The NCC, therefore, wishes to, once again, urge millions of telecom consumers to be wary of such wiles of cybercriminals, whose intent is to defraud unsuspecting Internet users,” the NCC said in its press release.

The ngCERT advised telecom customers and internet users to avoid opening unknown or sketchy URLs on their mobile devices. Users should also refrain from responding to messages or calling back unfamiliar phone numbers. “Should any telecom consumer or Internet user become curious and wish to ascertain the authenticity of any call or messages and wish to probe the incident, such persons may do a web search of both the number and the message content,” it stated.

Moreover, it urged users to exercise caution when installing applications from outside the Google Play Store. Applications from third-party app stores are not subject to the same safety standards as those on the Play Store. Therefore, such software could present significant safety risks.

The NCC also directed users to report security incidents to ngCERT via their official email for requisite support and assistance.

If you found this article interesting and want to protect yourself from malicious snooping, our resource on spyware is a great place to start!

Technology policy researcher
Prateek is a technology policy researcher with a background in law. His areas of interest include data protection, privacy, digital currencies, and digital literacy. Outside of his research interests, Prateek is an avid reader and is engaged in projects on sustainable farming practices in India.