Researchers have found a new malware that imitates legitimate Android apps and steals data. The malware has been named StrandHogg 2.0 and affects all devices running Android 9.0 and earlier operating systems. StrandHogg 2.0 is the twin of an earlier bug of the same name that Promon, a security firm from Norway, discovered almost six months ago.
The bug is said to be more dangerous than its predecessor because it’s “nearly undetectable,” Tom Lysemose Hansen, founder and chief technology officer at Promon, told TechCrunch.
Malware StrandHogg 2.0
Promon says that all of the top 500 apps are vulnerable to the malware. The company has identified 36 apps that were exploiting the vulnerability. It added that the malware can breach your phone without root access.
Promon in a statement said, “Lookout, a partner of Promon, confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017. *During testing, Promon researchers found that all of the 500 most popular apps (as ranked by app intelligence company 42 Matters) are vulnerable to StrandHogg. All versions of Android affected, incl. Android 10* (note: the permission harvesting exploit is only from Android 6.0 and onwards).
“BankBot is one of the most widespread banking trojans around, with dozens of variants and close relatives springing up all the time. BankBot attacks have been detected all over the world, in the U.S., Latin America, Europe and the Asia Pacific region.”
StrandHogg 2.0 works by disguising itself as a normal app. Once it is installed, when a victim opens a legitimate app, the malicious app hijacks it with malicious content such as a fake login window. When the victim enters a password in the fake window, the password is siphoned off to the hacker’s servers.
StrandHogg 2.0 can also hijack the permission requests of other apps on your device to get access to your phone, camera, and message details. “If the permission is granted, then the malware now has this dangerous permission,” said Hansen.
The hackers can listen through your microphone, take photos with your camera, and get access to all private photos on the device. The fake app can read and send SMS messages, record phone calls, get your GPS location, and have full access to your phone, including the contact list, logs, etc.
Promon says that it has found no evidence that the bug has been used in any active hacking activity to date. But then it is also a very difficult bug to trace. Promon delayed releasing news about the bug to give Google time to fix the vulnerability.
A spokesperson for Google told TechCrunch, “We appreciate the work of the researchers, and have released a fix for the issue they identified.”
Google said that Google Play Protect, an app screening service built into Android devices, blocks apps that exploit the StrandHogg 2.0 vulnerability. Still, users should be more vigilant and apply any recently released security updates to their Android devices.