This critical Android bug allows malware to impersonate legitimate apps

Researchers have discovered a serious flaw in the ubiquitous Android operating system that allows malware to impersonate legitimate apps and trick users into revealing sensitive data. Identified by security company Promon, the malware (nicknamed Strandhogg 2.0) infects devices via a rogue download and, once on board, can carry out malicious activities via various authentic apps. The malware could also interfere with the app's permissions, allowing it to delete sensitive user data and even track the user's location in real time. The vulnerability is present in almost all versions of the Android operating system, which together account for billions of devices; the exception is Android 10 (released in September).

Strandhogg 2.0 works by manipulating Android's multitasking mechanism, which allows the user to switch seamlessly between apps without having to restart each one. When a user opens a genuine app, the malware performs a quick hijack and replaces the login page with a fake overlay, allowing operators to extract all the account credentials the user enters. Although the malware is not automatically granted all device permissions during installation, it can also trigger requests for access to sensitive data, such as messages, photos, and location, which the user could approve unknowingly.

The ability to access both account credentials and SMS messages is a particularly powerful combination, giving hackers the ability to bypass certain two-factor authentication (2FA) protections used to protect online accounts.

Although Strandhogg 2.0 has the potential to cause serious damage, especially since it's nearly impossible to detect, researchers believe the flaw hasn't been exploited in the wild, a sentiment echoed by Android's owner, Google. Promon refrained from publishing information about the new malware until Google had had ample opportunity to develop and issue a patch, to minimize the chances that it could be used to launch an attack in the meantime.

According to a Google spokesperson, Google Play Protect, the company's integrated malware protection service for Android, is now equipped to neutralize Strandhogg 2.0. While the threat to individual users would be minimal, Android owners are urged to update their devices immediately.

Via TechCrunch