Image supplied

New Android malware poses as real apps to steal your information

It has been discovered by Norwegian security researchers at Promon that almost every version of Android has been affected by a vulnerability, which allows malware to imitate approved apps and in turn steal app passwords and other personal and sensitive data.


Image supplied

This vulnerability has been named Strandhogg 2.0 and It was named after the Norse term for a hostile takeover.

This “bug” is known as the “evil twin” of a previously discovered bug of the same name, that was discovered only sixth months earlier by the same company.

Strandhogg 2.0 affects every device that runs Android 9.0 and earlier

This vulnerability will trick a victim into entering their password into a copy app whilst thinking it is a legitimate app. This malicious malware is also able to hijack app permissions to siphon off sensitive data from users accounts such as: photos, contacts and can also track a victim’s location in real time.

You can see why this malware would be considered to be so dangerous to users everywhere.

It has also been said that Strandhogg 2.0 is more dangerous than its predecessor because of its near indetectable nature.

Although Promon did say that to date there was no evidence that hackers had been using this bug in any active hacking campaigns as of yet.

Unfortunately, there is no safe way to detect an attack. They will have to wait for an attack to happen first.

Promon being concerned that the bug could be used yet, haven’t released any significant details about it, until the day that they are convinced of Google’s efforts to fix the bug, which has been labeled “critical”.

Google speaks up

Google says that it also has not to date seen any active use or exploitation of said bug.

Google’s spokesperson has said, “We appreciate the work of the researchers, and have released a fix for the issue they identified.”

The spokesperson then went on to explain that Google Play Protect which is an app screening service, that is built into all Android devices, will automatically block the apps that exploit the Strandhogg’s vulnerability.

The Strandhogg 2.0 doesn’t need permissions from Android to run, but it can and will hijack the permissions of other apps that already have the victim’s details and personal information by then triggering a permissions request to the victim.

Good news for the moment is that the risk to users is believed to be low, although not zero unfortunately.

Promon says users should update Android devices with the latest security updates and this should fix the vulnerability.