Published On: Tue, May 26th, 2020

A new Android bug, Strandhogg 2.0, lets malware pose as genuine apps and steal user data

Security researchers have found a major vulnerability in nearly every version of Android that lets malware imitate legitimate apps to steal app passwords and other sensitive data.

The vulnerability, dubbed Strandhogg 2.0 (named after the Norse term for a hostile takeover), affects all devices running Android 9.0 and earlier. It’s the “evil twin” to an earlier bug of the same name, according to Norwegian security firm Promon, which discovered both vulnerabilities six months apart. Strandhogg 2.0 works by tricking a victim into thinking they’re entering their passwords on a legitimate app while instead interacting with a malicious overlay. Strandhogg 2.0 can also hijack other app permissions to siphon off sensitive user data, like contacts and photos, and track a victim’s real-time location.

The bug is said to be more dangerous than its predecessor because it’s “nearly undetectable,” Tom Lysemose Hansen, founder and chief technology officer at Promon, told TechCrunch.

The good news is that Promon said it has no evidence that hackers have used the bug in active hacking campaigns. The caveat is that there are “no good ways” to detect an attack. Fearing the bug could still be abused by hackers, Promon delayed releasing details of the bug until Google could fix the “critical”-rated vulnerability.

A spokesperson for Google told TechCrunch that the company also saw no evidence of active exploitation. “We appreciate the work of the researchers, and have released a fix for the issue they identified.” The spokesperson said Google Play Protect, an app screening service built into Android devices, blocks apps that exploit the Strandhogg 2.0 vulnerability.

Strandhogg 2.0 works by abusing Android’s multitasking system, which keeps tabs on every recently opened app so that the user can quickly switch back and forth. A victim would have to download a malicious app, disguised as a normal app, that can exploit the Strandhogg 2.0 vulnerability. Once installed and when a victim opens a legitimate app, the malicious app quickly hijacks the app and injects malicious content in its place, such as a fake login window.

When a victim enters their password on the fake overlay, their passwords are siphoned off to the hacker’s servers. The real app then appears as though the login was real.

Strandhogg 2.0 doesn’t need any Android permissions to run, but it can also hijack the permissions of other apps that have access to a victim’s contacts, photos, and messages by triggering a permissions request.

“If the permission is granted, then the malware now has this dangerous permission,” said Hansen.

Once that permission is granted, the malicious app can upload data from a user’s phone. The malware can upload entire text message conversations, said Hansen, allowing the hackers to defeat two-factor authentication protections.

The risk to users is likely low, but not zero. Promon said updating Android devices with the latest security updates, which are out now, will fix the vulnerability. Users are advised to update their Android devices as soon as possible.
