What’s the impact?
By exploiting the vulnerability, an attacker can request any permission, including access to SMS messages, photos, the microphone and GPS, which allows them to read messages, view photos and track the victim’s movements. The user, meanwhile, does not suspect that the permissions are being granted to criminals rather than to the legitimate application.
“The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using,” say Promon researchers.
The StrandHogg attack, which abuses the taskAffinity attribute in Android, makes it possible to “replace” the icon of a legitimate application so that a malicious application starts when the user taps it. When the user then enters credentials in that interface, all of the information is sent to the attacker.
According to experts, this technique was used in attacks on 60 financial organizations (the organizations are not named). Various variants of the BankBot banking Trojan were used in these campaigns.
BankBot: one of the most widespread banking trojans around, with dozens of variants and close relatives springing up all the time. BankBot attacks have been detected all over the world, in the U.S., Latin America, Europe and the Asia Pacific region.
According to the researchers, StrandHogg is unique because it makes complex attacks possible without root access to the device. It relies on a weakness in Android’s multitasking system to carry out powerful attacks in which a malicious application masquerades as any other application on the device.
“This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire,” explain the information security experts.
Researchers informed Google about the problem. The tech giant has already removed applications exploiting this vulnerability from the Google Play Store.
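Because the technique depends on an activity declaring a taskAffinity that names another app's task, a decoded AndroidManifest.xml can be triaged statically for it. The following check is an added example, not code from Promon or from this article; it assumes the manifest has already been decoded to text XML (for instance with apktool), the function name `foreign_affinities`, its `watched` parameter and all package names are constructed for illustration, and a hit is a lead for review rather than proof of abuse.

```python
import xml.etree.ElementTree as ET

# Namespace prefix under which android:* attributes appear after parsing.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package names).
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Settings" android:taskAffinity=""/>
    <activity android:name=".Help" android:taskAffinity="com.example.flashlight.help"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
  </application>
</manifest>"""


def foreign_affinities(manifest_xml, watched=()):
    """Return (activity, affinity, names_watched_app) for each activity whose
    effective taskAffinity points outside the app's own package."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        # An activity without its own value inherits the <application> value,
        # which in turn defaults to the package name.
        app_affinity = app.get(ANDROID + "taskAffinity", package)
        for activity in app.iter("activity"):
            affinity = activity.get(ANDROID + "taskAffinity", app_affinity)
            # "" means "no affinity"; names inside the app's own namespace
            # are the normal case and are not reported.
            if affinity in ("", package) or affinity.startswith(package + "."):
                continue
            name = activity.get(ANDROID + "name", "?")
            findings.append((name, affinity, affinity in watched))
    return findings


if __name__ == "__main__":
    # "watched" lists packages the reviewer wants to protect, e.g. banking apps.
    for name, affinity, hit in foreign_affinities(SAMPLE, {"com.example.bank"}):
        flag = "WATCHED APP" if hit else "foreign"
        print(f"{name}: taskAffinity={affinity} [{flag}]")
```
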