Android Vulnerability Allows Hackers to Steal Crypto Wallet Info

Dubbed StrandHogg, the security flaw allows infected apps to pose as legitimate apps, and researchers explain that all of the 500 most popular apps available on Android are now at risk.

Promon security researchers have uncovered a vulnerability that could allow cybercriminals to access private data on any Android phone.

The permission request that appears on the screen can give attackers access to the camera, let them read and send messages, record phone conversations, get location and GPS information, steal the contact list and phone logs, and extract all files and photos stored on the compromised device.

The vulnerability also allows malicious apps to phish users' credentials by displaying a fake, malicious version of a login screen. "The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected", Promon CTO Tom Lysemose Hansen says.

Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users' mobile banking credentials and empty their accounts, a Norwegian app security company has warned.

"The attack can be created to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims".

"These apps have now been removed, but in spite of Google's Play Protect security suite, dropper apps continue to be published and frequently slip under the radar, with some being downloaded millions of times before being spotted and deleted".

Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it "leaves most apps vulnerable to attacks". It uses a vulnerability in the multi-tasking system of Android (called "taskAffinity") to carry out malicious activities. The researchers say they confirmed with Promon's partner Lookout that at least 36 malicious apps are exploiting the vulnerability in the wild (though none of those are available in Google Play).

Promon unearthed the security hole while investigating apps that had been found stealing money from bank accounts.

The researchers further note that sophisticated attacks by way of StrandHogg do not require the device to be rooted.

Malware using the StrandHogg flaw was not found on Google Play but was installed on target devices through several dropper apps/hostile downloaders distributed through Google Play.

Google has responded to news of the vulnerability by saying: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified".
