Newly discovered StrandHogg vulnerability puts all android users at risk. A new Android vulnerability has come to light. And over 36 malicious apps are said to be exploiting it in the wild. Norwegian in-app security firm Promon has discovered this new vulnerability in the Android operating system. And well, it’s a super sneaky one. Dubbed StrandHogg, the vulnerability allows malicious apps to hijack genuine apps and perform malicious operations on their behalf.
The StrandHogg vulnerability is unique because
it enables sophisticated attacks without the need for a device to be root. Uses a weakness in the multitasking system of Android to enact powerful attacks. That allows malicious apps to masquerade as any other app on the devicesays Promon in its report
This vulnerability is
“based on an Android control setting called task affinity, which allows any app, including the malicious ones, to freely assume any identity in the multitasking system they desire”.
This is an OS-level that, sadly, Google doesn’t fix in any version of Android to date and all Android devices now exposed to this security flaw and malicious intent.
StrandHogg identified after Promon learned that several banks in the Czech Republic reported money disappearing from customer accounts. A client in the financial sector provided Promon a data sample to analyze and the security flaw discovered using the same.
Then discovered that a total of 36 apps were exploiting the flaw to trick users into granting intrusive permissions to malicious apps – while they thought they were using a legitimate app. Malicious apps were also able to serve fake login pages (phishing attack) inside these apps to further trick people into doling out their personal information.
Promon hasn’t listed the apps but mentions that none of them are available for download via the Play Store. Instead, the malicious apps installed on devices as second-stage downloads. Users who had another malicious app on their devices found the StrandHogg-infected apps onboard as well.
In its report, the security firm further added that there’s no reliable method of detecting StrandHogg exploit abused on a device. There’s also no way to block the attack at this instant. But you keep a close watch over what permissions an app asks. Also, closing recently opened apps from time-to-time could also help keep you safe, says Promon.