EXCITING NEWS: TNG WhatsApp Channel is LIVE…
Subscribe for FREE to get LIVE NEWS UPDATE. Click here to subscribe!
A Norwegian app security company has identified tangible evidence of a dangerous Android vulnerability that allows malware to pose as any legitimate app, granting hackers access to private SMS’ and photos, steal victims’ log-in credentials, track movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.
TheNewsGuru.com (TNG) reports security researchers at the Norwegian app security company, Promon, conducted research into real-life malware that exploits this serious flaw and found all of the top 500 most popular apps, including mobile banking apps, are at risk, with all versions of Android affected, including Android 10, released in early September 2019.
The vulnerability, dubbed StrandHogg makes it possible for a malicious app to ask for permissions while pretending to be the legitimate app. An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.
The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.
By exploiting this vulnerability, a malicious app installed on the device can attack the device and trick it so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen.
When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.
StrandHogg, unique because it enables sophisticated attacks without the need for a device to be rooted, uses a weakness in the multitasking system of Android to enact powerful attacks that allows malicious apps to masquerade as any other app on the device.
This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.
Promon has conducted research of real-life malware that exploits this serious flaw and found all of the top 500 most popular apps are at risk, with all versions of Android affected.
The vulnerability has been named by Promon as ‘StrandHogg’, old Norse for the Viking tactic of raiding coastal areas to plunder and hold people for ransom.