S1069 TangleBot
TangleBot is SMS malware that was initially observed in September 2021, primarily targeting mobile users in the United States and Canada. TangleBot has used SMS text message lures about COVID-19 regulations and vaccines to trick mobile users into downloading the malware, similar to FluBot Android malware campaigns.1
| Item | Value |
|---|---|
| ID | S1069 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.0 |
| Created | 28 February 2023 |
| Last Modified | 01 March 2023 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1429 | Audio Capture | TangleBot can record audio using the device microphone.1 |
| mobile | T1616 | Call Control | TangleBot can make and block phone calls.1 |
| mobile | T1533 | Data from Local System | TangleBot can request permission to view files and media.1 |
| mobile | T1417 | Input Capture | - |
| mobile | T1417.002 | GUI Input Capture | TangleBot can use overlays to cover legitimate applications or screens.1 |
| mobile | T1430 | Location Tracking | TangleBot can request location permissions.1 |
| mobile | T1636 | Protected User Data | - |
| mobile | T1636.002 | Call Log | TangleBot can request permission to view call logs.1 |
| mobile | T1636.003 | Contact List | TangleBot can request permission to view device contacts.1 |
| mobile | T1636.004 | SMS Messages | TangleBot can read incoming text messages.1 |
| mobile | T1513 | Screen Capture | TangleBot can record the screen and stream the data off the device.1 |
| mobile | T1582 | SMS Control | TangleBot can send text messages.1 |
| mobile | T1418 | Software Discovery | TangleBot can obtain a list of installed applications.1 |
| mobile | T1512 | Video Capture | TangleBot can record video from the device camera.1 |