STRANDHOGG 2.0 ANDROID BUG LETS MALWARE POSE AS LEGITIMATE APPS AND STEAL USER CREDENTIALS AND SENSITIVE DATA
Security researchers have found a vulnerability, dubbed Strandhogg 2.0, that affects virtually all versions of Android and lets malware imitate real applications to steal user passwords and other sensitive data.
The vulnerability, tagged Strandhogg 2.0 (named after a hostile takeover), affects practically all devices running Android 9.0 and earlier. The Norwegian security firm Promon, which discovered it six months after its first finding, described it as the “evil twin” of an earlier bug of the same name. Strandhogg 2.0 works by tricking users into thinking they are entering their access credentials (passwords) in a real app while they are instead interacting with a malicious overlay.
Promon’s founder and chief technology officer, Tom Lysemose Hansen, said the bug is “nearly undetectable” and more dangerous than its predecessor. In addition, Strandhogg 2.0 can take over other app permissions to siphon off sensitive user data, such as photos and contacts, and to track a user’s real-time location.
Before turning to the good news about whether hackers are taking advantage of the vulnerability, note that Strandhogg 2.0 does not need any Android permissions to run.
Strandhogg 2.0 works by abusing the Android multitasking system, which keeps tabs on all recently opened apps so that users can easily and quickly switch back and forth between them. The caveat is that there are “no good ways” to detect an attack. The good news is that Promon said it has no evidence that hackers have deployed the bug in active hacking campaigns.
To give Google time to fix the “critical”-rated vulnerability, Promon has also delayed releasing details of the bug, adding that the bug could be abused by hackers.
In response, a Google spokesperson said the company had not seen any evidence of active exploitation, adding: “We appreciate the work of the researchers, and have released a fix for the issue they identified”. The spokesperson also said that Google Play Protect, an app screening service built into Android devices, blocks apps that exploit the Strandhogg 2.0 vulnerability.
Before the malicious app can take control of the apps on a user’s device, the victim must first unknowingly download it, disguised as a normal app, so that it can exploit the Strandhogg 2.0 vulnerability. Once the malicious app is installed, when the user opens any legitimate app on the device, it automatically hijacks that app and injects malicious content in its place, such as a fake login window.
As soon as the user enters their password on the fake overlay, it is siphoned off to the hacker’s servers. The real app then appears, as though the login were genuine. In addition, the malware can upload entire text message conversations.
What more do we know about Strandhogg 2.0 Android?