Newly discovered Android vulnerability dubbed “StrandHogg” being exploited in wide by unknown hackers using weaponized malware apps that posed as a legitimate one to perform various malicious activities.
The vulnerability allows attackers to infect the Android phone without root access, and it affects all the android version including Android 10.
Researchers confirmed that 36 malicious apps are exploiting the vulnerability, and the top 500 most used apps are at risk for this vulnerability.
Dubbed Strandhogg vulnerability in Android OS discovered by Promon, an app protection company that specializing in In-App Protection for both Android and Windows.
Strandhogg vulnerability in the Android allows a malicious app to display an Activity in the UI context of another app. which means, it enables hackers to perform screen overlays attack via malicious banking trojan to gain the apps permission.
Sadly still the vulnerability has not yet been fixed for any version of Android (incl. Android 10).
Attackers mainly infecting Android users via droppers apps distributed via Google Play, Google removed some of the strange apps that posed a threat to Android users, but still, attackers introducing the new dropper apps and downloaders to infect users phone with malware.
At the initial stage of infection, malicious apps that posed a legitimate one requesting to users any sensitive permissions including SMS, photos, microphone, and GPS, allowing them to read messages, view photos and more.
If the user clicks the legitimate app, a malicious login page will be displayed in the victim’s screen instead of a legitimate app screen, it lookalike legitimate one to users.
If they entered any sensitive data such as credentials on the screen, it directly sends to the attackers who can then login to, and control, security-sensitive apps, then the normal legitimate screen will have appeared.
Attackers dropping malware via several Hostile Downloaders and it hijacks the target’s task. Once the targeted app launched by users, the hijacked task will be brought to the front and the malicious activity will be visible.
Finally, the malicious app pretends to be a legitimate one without letting users know and steal sensitive data from compromised Android devices.
galaxycvvru t12shopsu