Actively Exploited StrandHogg Vulnerability Affects Android OS

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild


Malicious apps can exploit this functionality by setting the taskAffinity for a number of their activities to match the package name of a trusted third-party app.
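A defender-side check for the taskAffinity behaviour described above, as an added example that is not from Promon or the original article: it scans a decoded AndroidManifest.xml and flags activities whose effective taskAffinity names a package other than the app's own. The sample manifest, its package and class names, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app. All package
# and class names are made up for illustration.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Overlay"
        android:taskAffinity="com.example.bank"/>
    <activity android:name=".Help"
        android:taskAffinity="com.example.flashlight.help"/>
    <activity android:name=".Splash" android:taskAffinity=""/>
  </application>
</manifest>
"""


def full_name(pkg, name):
    """Expand a manifest-relative class name (".Foo" or "Foo")."""
    if name.startswith("."):
        return pkg + name
    return name if "." in name else pkg + "." + name


def foreign_task_affinities(manifest_xml):
    """Return [(activity, taskAffinity)] for activities whose effective
    taskAffinity names a package other than the app's own."""
    root = ET.fromstring(manifest_xml)
    own = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        inherited = app.get(ANDROID + "taskAffinity")
        for act in app:
            if act.tag not in ("activity", "activity-alias"):
                continue
            # An activity without the attribute inherits the application's.
            affinity = act.get(ANDROID + "taskAffinity", inherited)
            # Unset means the app's own package; "" means no affinity.
            if not affinity:
                continue
            # Heuristic: names under the app's own package are not foreign.
            if affinity == own or affinity.startswith(own + "."):
                continue
            name = full_name(own, act.get(ANDROID + "name", "?"))
            findings.append((name, affinity))
    return findings


if __name__ == "__main__":
    for activity, affinity in foreign_task_affinities(SAMPLE_MANIFEST):
        print(f"REVIEW {activity}: taskAffinity={affinity}")
```

A hit is a reason to review the app rather than proof of malice, since Android permits activities from different applications to share a task.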

Android's risky vulnerability could give hackers access to your personal SMS and photos, steal your credentials, track your movements, record your phone conversations and monitor your phone's camera and microphone, Promon researchers said.

The vulnerability is called StrandHogg, which sounds a bit like a posh school in Scotland, but is, in fact, a flaw that allows hackers to create a fake login page pretending to be for a legitimate app.

"The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected".

The attacks most likely began after Android users downloaded malicious apps through the Google Play store, according to the report.

A new vulnerability has been found in Android OS. Google's been good at rooting them out and removing them, but it is an ongoing battle, the researchers say.

The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legit apps and steal confidential login passwords, location, messages, and other private data from them. Users who had another malicious app on their devices found the StrandHogg-infected apps onboard as well.


The vulnerability, called StrandHogg, involves Android's core multitasking processes and affects unrooted and rooted phones alike.

"We respect the researchers' work, and have suspended the possibly risky apps they recognized. Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues", Google told Ars Technica.

"If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless", said Serge Egelman, director of usable security and privacy research at UC Berkeley's International Computer Science Institute, which produced the research. After permission is given, the app starts running normally.

Permissions requested by an app that shouldn't require or need them, considering the functionality of the app.

Buttons and hyperlinks within the user interface that do nothing when clicked on.

Promon eventually found that the malware was exploiting the vulnerability. In addition, at least 36 examples of malware attacking the vulnerability, dating as far back as 2017, have now been identified, some being variants of the notorious Bankbot Trojan.

The malware sample Promon analyzed was installed through several dropper apps and downloaders distributed on Google Play.
