Text messages have not gone out of fashion. While platforms like WhatsApp and Telegram have exploded in use, 2.1 trillion text messages were still sent in 2020. Facebook Messenger is also a popular choice, and the company recently introduced end-to-end encryption.
Unfortunately, text messages are also popular with cybercriminals. Constantly developed to infect as many devices as possible, malware hiding in texts is an ever-growing concern.
While they come in different forms, an old trick has been re-engineered to cause financial havoc. Read on to see how malicious text messages can install money-grabbing malware.
Here’s the backstory
Medusa malware made its first appearance in July 2020, sparking concern with its ability to infect devices rapidly. The malware is also known as Tanglebot and is spread through text messages containing malicious links. If the malware infects your device, crooks can steal data and even take over your phone.
ThreatFabric researchers noticed a development change in the current version, making Medusa even more dangerous. In addition to the regular reading of text messages and accessing your contacts, it can now steal your money too. It’s a dangerous banking trojan that you need to keep off your gadget.
This particular scam combines SMS (short message service or text messages) and phishing and is known as smishing. These attacks attempt to gain your trust by imitating brands and companies you know or support.
The malware performs fraudulent actions either through a keylogger or by taking control of your device’s clipboard. And it isn’t easy to spot. Built into the malware’s code are instructions for evading antivirus detection and preventing the installation of apps that will detect it.
According to ThreatFabric, here’s how the scheme works: you receive a message via text that contains malicious links. Scammers pretend to have information on a delivery or an app that needs an immediate update. But the link leads to a malicious download that will infect your device with malware.
Once the malware is on your device, it can be used to steal your banking login credentials and more.
What you need to know
How is Medusa or Tanglebot distributed? Well, criminals create a sense of urgency with their attacks, so you’ll often find messages urging you to update one app or another. For example, the most frequently used technique claims that your Adobe Flash Player is out-of-date.
Other tricks used to get you to click on the malicious link includes:
- At the height of the pandemic, text messages allegedly informed you of where to get a vaccine shot.
- Tracking a delivery from UPS or DHL.
- A text message about an online purchase or how to claim a refund.
- Informing you about delivery to an Amazon Hub Locker.
Luckily there are several ways in which you can stay safe:
- Don’t trust text messages – If you receive a suspicious text message, delete it ASAP. Don’t engage by replying or clicking links.
- Follow up with official contacts – Instead of responding to unsolicited texts, contact official companies directly through known phone numbers or email addresses.
- Avoid clicking links – If you think you have business with a company or want information, go to the company’s official site or government site instead of clicking links in texts.
- Make sure you have trustworthy antivirus software protecting all of your devices – We recommend our sponsor, TotalAV. Right now, get an annual plan of TotalAV Internet Security for only $19 at ProtectWithKim.com. That’s over 85% off the regular price.
- Report scams – If you are sent a scam text, report it using the reporting feature in your messaging app or forward the scam text to 7726, which spells “SPAM.”
- Change your passwords – If you think you’re a victim of a scam, it’s best to change passwords to impacted accounts. Tap or click here for tips on creating stronger passwords.