Cybersecurity experts warn that newly discovered malware is showing up as fake text messages that are designed to steal sensitive information on Android cell phones in the United States and Canada.
In addition, there are new threats against Apple and Microsoft systems and users are advised to update their systems as soon as possible. Read about the threat to Microsoft software here and Apple systems here.
This is an update for NJSBA members because keeping you safe and protected matters. We are constantly monitoring cybersecurity matters and the latest scams so we can help protect you.
The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), part of the New Jersey Office of Homeland Security and Preparedness, said the malware campaign, dubbed TangleBot, was discovered in early September when SMS (text) messages purporting to be legitimate medical notifications showed up on some users’ cell phones that contained links to COVID-19 or vaccine information.
Recent campaigns are targeting customers of hydroelectric plants with false warnings of potential power outages, according to Proofpoint, the cybersecurity company that first detected the attack.
NJCCIC warns that if the links in the messages are clicked, users are prompted through several dialog boxes to update Adobe Flash, accept permissions, and install software from unknown sources in order to display the content. Behind the scenes, TangleBot is installed and configured to provide full control and monitoring of the device, including the recording of user activity and tracking location, and exfiltration of sensitive data.
NJCCIC advises users to refrain from clicking on links delivered in SMS text messages. Instead, it advises users to navigate directly to the official corresponding website. If you are unsure of the legitimacy of a message, contact the sender via a separate means of communication before taking any action.
Read the NJCCIC alert here.
Read Proofpoint’s blog here.