News

Vulnerability in Android allows attackers to mask malware as official applications

Security researchers at Promon Information Security Company have discovered a dangerous vulnerability in Android software that could allow cybercriminals to mask malware as official applications to steal logins and passwords for bank accounts.

The vulnerability, called StrandHogg, affects all versions of Android, including Android 10.

What’s the impact?

  • All top 500 most popular apps are at risk
  • Real-life malware is exploiting the vulnerability
  • 36 malicious apps exploiting the vulnerability was identified
  • The vulnerability can be exploited without root access

Using the vulnerability, an attacker can request any permissions, including access to SMS messages, photos, microphone and GPS, which will allow him to read messages, view photos and track the victim’s movements. At the same time, the user will not suspect that he is granting permissions to the criminals instead of the legitimate application.

“The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using”, — say Promon researchers.

The StrandHogg attack, which uses the taskAffinity attribute in Android, allows “replacing” the icon of a legitimate application in such a way that when user clicks on it, a malicious application will start. Thus, when the user enters his credentials in the interface, all information will be sent to the attacker.

Read also: Malware in popular Android keyboard could cost users $18 million

According to experts, this technique was used in attacks on 60 financial organizations (no names are called). As part of the campaigns, various variants of the BankBot banking Trojan were used.

Reference:

BankBot: one of the most widespread banking trojans around, with dozens of variants and close relatives springing up all the time. BankBot attacks have been detected all over the world, in the U.S., Latin America, Europe and the Asia Pacific region.

According to the researchers, StrandHogg is a unique malware because it allows carrying out complex attacks without having access to the root of the device. Besides, it uses the vulnerability in the multi-tasking Android system to carry out powerful attacks that allow malicious applications to mask themselves as any other application on the device.

“This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire”, — explain IS experts.

Researchers informed Google about the problem. The tech giant has already removed applications exploiting this vulnerability from the Google Play Store.

Polina Lisovskaya

I works as a marketing manager for years now and loves searching for interesting topics for you

Recent Posts

Remove News-xcidizi.com Pop-up Ads

About News-xcidizi.com News-xcidizi.com pop-ups can not introduce out of nowhere. If you have clicked some…

2 hours ago

Remove Everytraffic-flow.com Pop-up Ads

About Everytraffic-flow.com Everytraffic-flow.com pop-ups can not launch out of nowhere. If you have actually clicked…

2 hours ago

Remove News-xcadelu.live Pop-up Ads

About News-xcadelu.live News-xcadelu.live pop-ups can not launch out of nowhere. If you have actually clicked…

3 hours ago

Remove Wsdefender.xyz Pop-up Ads

About Wsdefender.xyz Wsdefender.xyz pop-ups can not open out of the blue. If you have actually…

3 hours ago

Remove Worlddilgad.top Pop-up Ads

About Worlddilgad.top Worlddilgad.top pop-ups can not expose out of nowhere. If you have clicked on…

3 hours ago

Remove News-xcaxuxe.cc Pop-up Ads

About News-xcaxuxe.cc News-xcaxuxe.cc pop-ups can not expose out of the blue. If you have actually…

3 hours ago