Promon, the Norwegian app security firm, has revealed that the discovery of a dangerous Android vulnerability called StrandHogg, which has reportedly infected all versions of Android and has put the top 500 most popular apps at risk.
Serious Android vulnerability leaves most apps vulnerable to attacks. All versions of Android affected (incl. Android 10,) and real-life malware is currently exploiting the flaw. Learn more: https://t.co/RCJGHbjDMy #StrandHogg #Android #Vulnerability — Promon (@Promon_Shield) December 2, 2019
Tom Lysemose Hansen, the CTO of Promon, commented:
“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.” Tom Lysemose Hansen
However, StrandHogg poses as any other app on the infected device and tricks users into believing that they are using a legitimate app. The vulnerability then allows malicious apps to phish users’ credentials by displaying a malicious and fake version of a login screen.
This dangerous StrandHogg vulnerability allows hackers to steal sensitive info from Android apps including Crypto Wallet Info https://t.co/cpmvs8ssZl pic.twitter.com/3IcwwzaZ2s — Jason Fernandes (@TokenJay) December 4, 2019
The report reads:
“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”
Beside from stealing personal information like crypto wallet login credentials, StrandHogg can also reportedly listen to the user through their microphone, read and send text messages, and access all private photos and files on the device, among other nefarious exploits.
Thus, while Google did remove the affected apps, it does not appear as if the vulnerability has been fixed for any version of Android.