There’s a new Android vulnerability which has the best disguise of posing as legitimate apps. Security researchers from Promon have discovered the ‘Strandhogg’ vulnerability which has affected all Android versions including the latest Android 10.
Promon in its blog post says that the Strandhogg vulnerability has kept all top 500 popular apps at risk with 36 malicious apps already identified. Hackers also don’t require root access to exploit this vulnerability in Android devices. Once hackers have access to these affected devices they can potentially get every data and more remotely.
The list of possible things hackers can have access to as noted by Promon researchers include listening to the user’s conversations and even recording them, read and send messages, take photos, phish login credentials, access photos and files. Hackers can even get location information, access the phone contacts and call logs as well.
Promon further explains how the malicious app poses as a legitimate one and seeks permissions from the user which are usually accepted. Most app permissions include SMS, camera, microphone and GPS which in turn gives access to hackers to the user’s device. This Android vulnerability can even access sensitive information when users login within this malicious interface.
According to Promon, this malware sample made its way through dropper apps or hostile downloaders in Google Play Store which are usually missed. A recent example of this is the CamScanner app which contained a malicious module through a “Trojan Dropper”. The app was even removed from Google Play.
Promon informed Google about this Android vulnerability earlier this summer. Google has removed the malicious apps but Promon says the vulnerability hasn’t been fixed as yet.
Source: Hindustan Times