StrandHogg vulnerability enables malicious software to masquerade as trusted Android apps

The people have spoken these are the year's best Android apps and games

Malicious apps can exploit this functionality by setting the TaskAffinity for one or more of its activities to match a package name of a trusted third-party app. StrandHogg opens the door for attackers to listen to a user through a microphone, take photos using the device's camera, read and send SMS text messages, make or record phone conversations, phish login credentials, obtain access to all files and logs on a device and finally access location and Global Positioning System information.

Researchers have discovered several dozen malicious apps that have been exploiting the StrandHogg vulnerability.

Initially discovered by Promon and Lookout, the flaw allows cybercriminals to take advantage of the way Android handles more than one process at a time, depending on which app is being displayed to a user.

Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app. This makes them second-stage payloads, according to the research.

The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legit apps and steal confidential login passwords, location, messages, and other private data from them.

According to Promon, there is no reliable method of detecting if StrandHogg was exploited on an Android device and there is no way to block such an attack. Promon is asking the vulnerability "StrandHogg", an previous Norse time period for the Viking tactic of raiding coastal areas to plunder and maintain folks for ransom.

Google representatives didn't respond to questions about when the flaw will be patched, how many Google Play apps were caught exploiting it, or how many end users were affected.


However, Strandhogg-infected apps don't exist in the Android official App Store Google Play.

The Promon researchers further pointed out that they have disclosed their findings to Google last Summer.

Permission popups that do not comprise an app identify. These codes can ask for permission or show phishing pages. So, when the user clicks a trusted app's icon on the screen, a malicious version instead starts.

Promon researchers mentioned they recognized StrandHogg after studying from an unnamed Japanese European safety firm for monetary establishments that a number of banks within the Czech Republic reported cash disappearing from buyer accounts.

- Back button does not work as expected.

Malware using the StrandHogg flaw was not found on Google Play but was installed on target devices through several dropper apps/hostile downloaders distributed through Google Play.

Related:

Comments

Latest news

Arabsat 6A Satellite launched
NASA's Saturn V rockets, used for the Apollo moon shots, are the all-time launch leaders so far in size and might. SpaceX's reusable designs make the Falcon Heavy an appealing way to get large payloads into space .

Jose Mourinho: Tottenham boss says Man Utd is a closed chapter
The veteran midfielder found his game time slightly limited towards the back end of last campaign under Ole Gunnar Solskjaer. How can we beat them? "I fear for them against Tottenham and I fear for them against Manchester City on Saturday.

Soccer Player Benik Afobe Shares His 2-Year-Old Daughter Passed Away
The statement also said that the Afobe family was "heartbroken and devastated" and are requesting privacy during this hard time.

Trump Holds Private Meeting with UK's Boris Johnson
Arriving for the formal NATO talks in Watford, north of London , Johnson denies he was trying to avoid being seen with Trump. In the past, Trump has also denied he's interested in getting involved in the NHS.

Qualcomm's new ultrasonic fingerprint sensor is 17x larger, offers two-finger authentication
The bigger sensor area also makes it more secure since the scanner is able to get a complete picture of one's fingerprint.

Other news