Date:31/05/20
Researchers have discovered a serious flaw in the ubiquitous Android operating system that allows malware to masquerade as legitimate applications and deceive users into divulging sensitive data.
Identified by security firm Promon, the malware (dubbed Stranghogg 2.0) infects devices via an illegitimate download and, once onboard, can perform malicious activities via multiple genuine applications.
The malware can also reportedly meddle with application permissions, allowing it to scrape sensitive user data and even track the affected individual’s real-time location.
The vulnerability is present on almost all versions of the Android OS - with the exception of Android 10 (released in September) - accounting for billions of devices.
Strandhogg 2.0 functions by manipulating Android’s multi-tasking mechanism, which enables the user to switch seamlessly between applications without having to reboot them each time.
When a user opens a genuine application, the malware performs a swift hijack and replaces the login page with a rigged overlay, allowing the operators to siphon off any account credentials the user enters.
While the malware does not automatically gain access to all device permissions upon installation, it can also trigger requests to access sensitive data such as messages, photos and location, which the user could then unwittingly approve.
The ability to access both account credentials and SMS messages is a particularly potent combination, because it affords hackers the ability to bypass certain Two-Factor Authentication (2FA) protections used to secure online accounts.
Although Stranghogg 2.0 has the potential to cause serious damage - especially since it is near-impossible to detect - researchers believe the flaw has not been exploited in the wild, a sentiment echoed by Android owner Google.
Promon refrained from publishing any information about the new malware until Google had ample opportunity to develop and issue a fix, to minimise the chances it could be used to mount an attack in the interim.
According to a Google spokesperson, Google Play Protect - the firm’s built-in malware protection service for Android - is now equipped to neutralize Strandhogg 2.0.
While the threat to individual users is reportedly minimal, Android owners are nonetheless advised to update their devices immediately.
This critical Android bug allows malware to masquerade as legitimate apps
Researchers have discovered a serious flaw in the ubiquitous Android operating system that allows malware to masquerade as legitimate applications and deceive users into divulging sensitive data.Identified by security firm Promon, the malware (dubbed Stranghogg 2.0) infects devices via an illegitimate download and, once onboard, can perform malicious activities via multiple genuine applications.
The malware can also reportedly meddle with application permissions, allowing it to scrape sensitive user data and even track the affected individual’s real-time location.
The vulnerability is present on almost all versions of the Android OS - with the exception of Android 10 (released in September) - accounting for billions of devices.
Strandhogg 2.0 functions by manipulating Android’s multi-tasking mechanism, which enables the user to switch seamlessly between applications without having to reboot them each time.
When a user opens a genuine application, the malware performs a swift hijack and replaces the login page with a rigged overlay, allowing the operators to siphon off any account credentials the user enters.
While the malware does not automatically gain access to all device permissions upon installation, it can also trigger requests to access sensitive data such as messages, photos and location, which the user could then unwittingly approve.
The ability to access both account credentials and SMS messages is a particularly potent combination, because it affords hackers the ability to bypass certain Two-Factor Authentication (2FA) protections used to secure online accounts.
Although Stranghogg 2.0 has the potential to cause serious damage - especially since it is near-impossible to detect - researchers believe the flaw has not been exploited in the wild, a sentiment echoed by Android owner Google.
Promon refrained from publishing any information about the new malware until Google had ample opportunity to develop and issue a fix, to minimise the chances it could be used to mount an attack in the interim.
According to a Google spokesperson, Google Play Protect - the firm’s built-in malware protection service for Android - is now equipped to neutralize Strandhogg 2.0.
While the threat to individual users is reportedly minimal, Android owners are nonetheless advised to update their devices immediately.
Views: 435
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
