Promon, the Norwegian app security firm, has revealed that the discovery of a dangerous Android vulnerability called StrandHogg, which has reportedly infected all versions of Android and has put the top 500 most popular apps at risk.
Tom Lysemose Hansen, the CTO of Promon, commented:
“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”Tom Lysemose Hansen
However, StrandHogg poses as any other app on the infected device and tricks users into believing that they are using a legitimate app. The vulnerability then allows malicious apps to phish users’ credentials by displaying a malicious and fake version of a login screen.
The report reads:
“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”
Beside from stealing personal information like crypto wallet login credentials, StrandHogg can also reportedly listen to the user through their microphone, read and send text messages, and access all private photos and files on the device, among other nefarious exploits.
Thus, while Google did remove the affected apps, it does not appear as if the vulnerability has been fixed for any version of Android.