A serious vulnerability within Android devices can be exploited by threat actors to steal login credentials, track location and more.
Researchers at Norwegian security firm Promon discovered the vulnerability, StrandHogg, whilst investigating apps that had been found stealing money from bank accounts
Strandhogg works by tricking users into thinking they are using legitimate apps but rather are clicking on overlays fooling users into handing over their security credentials.
Unbeknownst to the users, victims grant malicious apps additional permissions allowing the apps to perform numerous tasks including listening in via a phone’s microphone, and intercepting calls and messages.
“We’d never seen this behaviour before,” explained Tom Hansen, chief technology office of Norwegian mobile security Promon. “As the operating system gets more complex it’s hard to keep track of all its interactions.”
Researchers identified 60 financial institutions that were being targeted by various apps exploiting the vulnerability.
“It targeted several banks in several countries and the malware successfully exploited end users to steal money,” Hansen added.
Shockingly, most of the top 500 apps in Google Play were vulnerable and could be easily exploited.
In a statement, Google said: “We appreciate the researchers’ work, and have suspended the potentially harmful apps they identified.”
“Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”
Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.