New Android bug ‘StrandHogg’ authorizes malware to pose as legal Android Apps

This flaw targets daily functions like messages and photos, which doesn't seem odd at first.

A new bug has been discovered by a group of researchers that affect Android devices. This bug, named StrandHogg, acts as legitimate apps that allows it to control the day-to-day functions of your phone. Security researchers Caner Kaya, John Høegh-Omdal, and Markus Ottensmann of Promon identified the flaw.

New Android bug ‘StrandHogg’ authorizes malware to pose as legal Android Apps
Image Source: 360 Security

The researchers dubbed the bug “StrandHogg” from old Norse for the Viking tactic of plundering villages and holding people for ransom. Users wouldn’t even know that they are being exploited as the malware can pose as an app, like Instagram or WhatsApp.

Researchers wrote in a blog, “The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.”

New Android bug ‘StrandHogg’ authorizes malware to pose as legal Android Apps
Image Source: Promon.co

According to the researchers, all Android devices, including the ones running Android 10, are at a risk along with 500 apps. Moreover, this vulnerability can be utilized without a root access. Going by the detailed report, if this flaw is exploited by hackers, they can – listen to the user through the microphone, take photos through the camera, read and send SMS messages, Make and/or record phone conversations, access contact list, phone logs, and all private photos and files on the device, phish login credentials, get location and GPS information, etc. This exploit is based on an Android control setting called “taskAffinity,” which permits any app to freely assume any identity in the multitasking system.

Google responded to Promon’s findings in a statement saying, “We appreciate the researchers’ work, and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”


RECENT NEWS

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.