StrandHogg vulnerability enables malicious software to masquerade as trusted Android apps


Malicious apps can exploit this functionality by setting the TaskAffinity of one or more of their activities to match the package name of a trusted third-party app. StrandHogg opens the door for attackers to listen to a user through the microphone, take photos using the device's camera, read and send SMS text messages, make or record phone conversations, phish login credentials, obtain access to all files and logs on a device, and access location and Global Positioning System information.

Researchers have discovered several dozen malicious apps that have been exploiting the StrandHogg vulnerability.

Initially discovered by Promon and Lookout, the flaw allows cybercriminals to take advantage of the way Android handles more than one process at a time, depending on which app is being displayed to a user.

Dubbed StrandHogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. This makes them second-stage payloads, according to the research.

The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legit apps and steal confidential login passwords, location, messages, and other private data from them.

According to Promon, there is no reliable method of detecting whether StrandHogg was exploited on an Android device, and there is no way to block such an attack. Promon is calling the vulnerability "StrandHogg", an old Norse term for the Viking tactic of raiding coastal areas to plunder and hold people for ransom.

Google representatives didn't respond to questions about when the flaw will be patched, how many Google Play apps were caught exploiting it, or how many end users were affected.


However, StrandHogg-infected apps don't exist in Google Play, Android's official app store.

The Promon researchers further pointed out that they disclosed their findings to Google last summer.

Permission popups that do not contain an app name. These codes can ask for permission or show phishing pages. So, when the user clicks a trusted app's icon on the screen, a malicious version starts instead.

Promon researchers said they identified StrandHogg after learning from an unnamed Eastern European security firm for financial institutions that several banks in the Czech Republic reported money disappearing from customer accounts.

- Back button does not work as expected.

Malware using the StrandHogg flaw was not found on Google Play but was installed on target devices through several dropper apps/hostile downloaders distributed through Google Play.
