Researchers at Promon, a cybersecurity firm better known for its in-app security protection, have found a vulnerability in the Android operating system named “StrandHogg.” It allows malware gangs to hijack legitimate apps and perform malicious operations like phishing.
Lookout, a partner of Promon, has also confirmed that it identified 36 malicious apps already exploiting the StrandHogg vulnerability in the wild. Promon researchers found that all of the 500 most popular apps (as ranked by app intelligence company 42 Matters) are vulnerable to StrandHogg, and that the vulnerability affects all versions of Android, including Android 10.
As per researchers, “StrandHogg uses a weakness in the multitasking system of Android to enact powerful attacks that allow malicious apps to masquerade as any other app on the device. This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.”
Put more simply, when users tap on a legitimate app, malicious code is triggered in place of the original one. Users are then either asked for intrusive permissions (e.g. use of the mobile microphone, camera or GPS, or reading and sending SMS messages), which give hackers control over device access, or shown phishing pages that capture the user’s login credentials and indirectly give hackers access to security-sensitive apps.
Researchers also pointed out that StrandHogg is unique because it enables sophisticated attacks without rooting the device and without asking for any special permissions post-exploitation. There’s no effective way to block or detect the StrandHogg vulnerability on the device itself, but users can stay alert by looking out for the following:
- An app or service that you’re already logged into is asking for a login.
- Permission popups that do not contain an app name.
- Permissions asked from an app that shouldn’t require or need the specific permissions it asks for (considering the functionality of the app).
- Typos and mistakes in the user interface.
- Buttons and links in the user interface that do nothing when clicked on.
- Back button does not work as expected.
It seems Android is not the only OS facing vulnerability issues. In September this year, security expert Jose Rodriguez discovered a zero-day exploit in the newly launched iPhone 11 series. Rodriguez revealed in a tweet that an attacker can exploit the bug in the new devices and their operating system, iOS 13, to bypass the lock screen and access the phone’s contact information. Rodriguez even published a video demonstrating how to crack the device.