Android flaw lets hackers use fake login pages to swallow banking data

Alonzo Simpson
December 4, 2019

Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and a host of other nefarious deeds.

With fake permission prompts in legit apps, users can also be tricked into giving access to location, messages, which contain OTPs or two-factor codes, as well as allowing recording calls or tracking the real-time activity, including photos/videos, on the device.

It works by exploiting a problem in Android's multitasking system, enabling malicious app to overlay legitimate apps with fake login screens that fool users into handing over security credentials. "The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected", Promon CTO Tom Lysemose Hansen says.

"StrandHogg, unique because it enables sophisticated attacks without the need for a device to be rooted, uses a weakness in the multitasking system of Android to enact powerful attacks that allows malicious apps to masquerade as any other app on the device", Promon's researchers explained. Google, however, removed the affected apps that could help drop StrandHogg on an Android device. In all it found that 60 financial institutions had been targeted with various apps that exploited the vulnerability.

Get access to photos, files on the device, location and Global Positioning System information, the contacts list, phone logs, etc.

Draisaitl scores twice as Oilers edge Canucks
He has nine goals and 19 points in 28 games this season playing predominantly on the Oilers top line with McDavid and Draisaitl. Connor McDavid cut the Oilers' deficit to 2-1 in the first period on a goal assisted by Ethan Bear and Sam Gagner .

Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it "leaves most apps vulnerable to attacks". This Android vulnerability can even access sensitive information when users login within this malicious interface.

Very important to know is that StrandHogg does not spread through applications published in the Google Play Store.

In its report, the security firm further added that there's no reliable method of detecting StrandHogg exploit being abused on a device.

What's worse is that Promon claims the vulnerability can be exploited without root access, and researchers from Lookout say they have already identified a total of 36 malicious apps whose goal is to take advantage of StrandHogg.

Promon said the research built upon that carried out by Penn State University in 2015, which found aspects of the flaw and disclosed it to Google, but the search giant dismissed the vulnerability's severity.

Other reports by

Discuss This Article