Major Android Vulnerability Could Let Strandhogg Malware Pose As Legitimate Apps


Security researchers have found a new vulnerability that impacts almost every version of the Android operating system. The vulnerability is called Strandhogg 2.0, and it could allow malware to impersonate legitimate apps to steal passwords and other sensitive data from user devices. Strandhogg 2.0 impacts every device running Android 9.0 or earlier.

Security researchers have dubbed the vulnerability the "evil twin" of the original Strandhogg bug. Both flaws were discovered by a security firm called Promon. Strandhogg 2.0 tricks victims into thinking they are entering their passwords into a legitimate app when they are instead interacting with a malicious overlay.

The bug can also hijack other app permissions to steal sensitive user data, including contacts and photos, and to track the victim in real time. Strandhogg 2.0 is described as more dangerous than its predecessor because it is nearly undetectable. Android users concerned about the bug can at least take solace in the fact that Promon says it has no evidence that hackers have used it in active campaigns.

All details of the security issue were withheld until Google fixed the vulnerability, which was rated "critical." Google has also stated that it saw no evidence of active exploitation of the vulnerability by hackers. A fix for the flaw has been issued, and Google Play Protect built into Android devices screens for any app trying to exploit the vulnerability.
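The practical question for anyone managing Android devices is whether a given device has actually received that fix. The script below is an added example, not code from the article, Promon or Google: it parses the output of `adb shell getprop` and applies the two facts the article gives (devices on Android 9.0 or earlier are affected; Google has shipped a patch). The article does not state which monthly security bulletin carries the fix, so `FIX_PATCH_LEVEL` is a labelled placeholder that must be replaced with the real bulletin date before the result means anything; the sample `getprop` output is constructed for the example.

```python
"""Patch-level check for a device that may be exposed to Strandhogg 2.0.

Added example, not code from the article, Promon or Google. It parses
`adb shell getprop` output and applies the article's two facts: devices on
Android 9.0 or earlier are affected, and Google has shipped a fix. The
bulletin date carrying the fix is NOT given in the article, so
FIX_PATCH_LEVEL is a placeholder to be replaced before real use.
"""
import re
import shutil
import subprocess
from datetime import date

# PLACEHOLDER (assumption): replace with the Android security bulletin date
# that contains the Strandhogg 2.0 fix.
FIX_PATCH_LEVEL = date(2020, 6, 1)

# From the article: every device on Android 9.0 or earlier is affected.
MAX_AFFECTED_MAJOR = 9

# Constructed sample of `adb shell getprop` output for an unpatched Android 9 device.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [9]
[ro.build.version.sdk]: [28]
[ro.build.version.security_patch]: [2020-01-05]
[ro.product.model]: [example-device]
"""

_PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>.*)\]$")


def parse_getprop(text):
    """Turn getprop's "[key]: [value]" lines into a dict; other lines are ignored."""
    props = {}
    for line in text.splitlines():
        m = _PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def assess(props, fix_patch_level=FIX_PATCH_LEVEL):
    """Classify a device as 'not-affected', 'patched', 'vulnerable' or 'unknown'.

    Returns a (verdict, reason) tuple so callers can log why.
    """
    release = props.get("ro.build.version.release", "")
    patch = props.get("ro.build.version.security_patch", "")

    try:
        major = int(release.split(".")[0])
    except ValueError:
        return "unknown", f"unrecognised release string {release!r}"

    if major > MAX_AFFECTED_MAJOR:
        return "not-affected", f"Android {release} is newer than the affected range"

    try:
        patch_date = date.fromisoformat(patch)
    except ValueError:
        return "unknown", f"unrecognised security patch level {patch!r}"

    if patch_date >= fix_patch_level:
        return "patched", f"security patch level {patch} includes the fix"
    return "vulnerable", f"Android {release} with patch level {patch} predates the fix"


def read_device_props():
    """Read properties from an attached device via adb, or fall back to the sample."""
    if shutil.which("adb"):
        out = subprocess.run(["adb", "shell", "getprop"], capture_output=True,
                             text=True, check=False)
        if out.returncode == 0 and out.stdout.strip():
            return parse_getprop(out.stdout)
    return parse_getprop(SAMPLE_GETPROP)


if __name__ == "__main__":
    verdict, reason = assess(read_device_props())
    print(f"{verdict}: {reason}")
```

Run it with a device attached over USB debugging and it reports one of four verdicts; without `adb` on the path it evaluates the constructed sample, which comes out as `vulnerable`. The Android 10 branch follows the article's statement that only 9.0 and earlier are affected; a fleet tool would also want to flag devices whose patch level is simply stale, which is why the reason string is returned alongside the verdict.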

The exploit works by abusing the Android multitasking system. A Strandhogg 2.0 app would have been able to hijack other open apps and inject malicious content in their place, such as a fake login window. If the user entered a password into the fake overlay, the data would have been siphoned off and sent to servers controlled by the hacker.

An app leveraging the vulnerability would not have needed any Android permissions of its own to access contacts, photos, and messages, because it could trigger a fake permissions request in the name of the app it was impersonating. Once the user granted that request, the malware gained the permission.

Android has had other significant problems this month. A report surfaced that Google Firebase database misconfigurations left private data exposed to hackers in over 4,000 Android apps.