Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability that could allow cybercriminals to steal users’ mobile banking credentials, including crypto wallet, and empty their accounts, a Norwegian app security company has warned.
The Norwegian firm specializing in In-App Protection, Promon identified the StrandHogg vulnerability, which infected all version of Android and has put all of the top 500 most popular Android apps at risk.
StrandHogg allows hackers to show users fake login screens and ask for all types of permissions that may ultimately allow them to read and send messages (including those delivering second authentication factors), phish login credentials, make and record phone conversations, listen to the user through the microphone, take photos through the device’s camera, get access to photos, files on the device, location and GPS information, the contacts list, phone logs, among other nefarious exploits.
According to the researchers, there is no effective block or reliable detection method against StrandHogg on Android devices, therefore users are advised to be on the lookout for things like an app or service that they have already logged into asking for a login; permission pop-ups that don’t contain an app name; buttons and links in the user interface that do nothing when clicked on; and typos and mistakes in the user interface.
The mobile security company, Lookout has recognized 36 malicious apps exploiting the StrandHogg vulnerability, and among them were variants of the BankBot banking trojan.
The Promon researchers further pointed out that they have disclosed their findings to Google last Summer. However, while Google did remove the affected apps, it does not appear as if the vulnerability has been fixed for any version of Android.
What's Your Reaction?
A keen researcher who believes in enriching her knowledge. For Shuhada, the crypto world intrigues her sense and offers plenty of high delicious 'crypto cuisines'.