StrandHogg vulnerability enables malicious software to masquerade as trusted Android apps

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Malicious apps can exploit this functionality by setting the taskAffinity of one or more of their activities to match the package name of a trusted third-party app. StrandHogg opens the door for attackers to listen to a user through the microphone, take photos using the device's camera, read and send SMS text messages, make or record phone conversations, phish login credentials, obtain access to all files and logs on a device, and access location and Global Positioning System information.
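As an added example (not code from Promon or from the original article), here is a static check a reviewer could run over an app's decoded AndroidManifest.xml to flag activities whose task affinity names a package other than the app's own. It assumes the manifest has been decoded to text XML with a `package` attribute on `<manifest>`; the sample manifest, the package names and the `watchlist` parameter are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

def effective_affinity(value, own_pkg):
    """Resolve a taskAffinity attribute value to the task name Android would use."""
    if value is None:
        return own_pkg          # unset: defaults to the app's own package
    if value.startswith(":"):
        return own_pkg + value  # ":name" is scoped to the app's own package
    return value                # "" means the activity has no affinity

def foreign_task_affinities(manifest_xml, watchlist=()):
    """List activities whose task affinity names a package other than their own."""
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # An affinity set on <application> is inherited by every activity under it.
    app_affinity = effective_affinity(app.get(ANDROID + "taskAffinity"), own_pkg)
    findings = []
    for act in app.findall("activity"):
        raw = act.get(ANDROID + "taskAffinity")
        affinity = app_affinity if raw is None else effective_affinity(raw, own_pkg)
        if affinity in ("", own_pkg) or affinity.startswith(own_pkg + ":"):
            continue
        findings.append({
            "activity": act.get(ANDROID + "name"),
            "affinity": affinity,
            "on_watchlist": affinity in watchlist,  # matches a protected package
        })
    return findings

# Constructed sample manifest (decoded XML, not taken from any real app).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".HelpActivity" android:taskAffinity=":help"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in foreign_task_affinities(SAMPLE, watchlist={"com.example.bank"}):
        print(finding)
```

A hit is a reason for manual review rather than proof of abuse, since the attribute accepts an arbitrary string.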

Researchers have discovered several dozen malicious apps that have been exploiting the StrandHogg vulnerability.

Initially discovered by Promon and Lookout, the flaw allows cybercriminals to take advantage of the way Android handles more than one process at a time, depending on which app is being displayed to a user.

Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. This makes them second-stage payloads, according to the research.

The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legit apps and steal confidential login passwords, location, messages, and other private data from them.

According to Promon, there is no reliable method of detecting if StrandHogg was exploited on an Android device and there is no way to block such an attack. Promon is calling the vulnerability "StrandHogg", an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom.

Google representatives didn't respond to questions about when the flaw will be patched, how many Google Play apps were caught exploiting it, or how many end users were affected.


However, Strandhogg-infected apps don't exist in the official Android app store, Google Play.

The Promon researchers further pointed out that they disclosed their findings to Google last summer.

Permission popups that do not contain an app name. These codes can ask for permission or show phishing pages. So, when the user clicks a trusted app's icon on the screen, a malicious version starts instead.

Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security firm for financial institutions that a number of banks in the Czech Republic reported money disappearing from customer accounts.

- Back button does not work as expected.

Malware using the StrandHogg flaw was not found on Google Play but was installed on target devices through several dropper apps/hostile downloaders distributed through Google Play.
