Android Vulnerability Leaves Sensitive Data Exposed to Attackers

Promon, a cybersecurity research firm, is calling the attention of smartphone users to a vulnerability on the Android platform that could jeopardize the safety of their Bitcoin.

In a Twitter post published on December 2, the researchers at the Norwegian company gave an account of how they discovered StrandHogg, an Android vulnerability which, as they described, has affected the top 500 apps on the Play Store and is capable of affecting all mobile phones irrespective of their Android version.

Masking as Legit apps

As the company explained, StrandHogg poses as a regular app on an infected device, allowing the malicious software to steal users’ login details through a fake login screen. As soon as sensitive details are entered on the login page, the malware sends them to the attackers, who use them to gain entry into the victim’s accounts.

Essentially, this means that attackers can use StrandHogg to steal anything, ranging from email addresses to cryptocurrency wallet passwords and banking app credentials. As Promon notes, the malware can also access a mobile phone’s microphone and read and even send text messages. It can also read files on the mobile phone, along with details on pictures and other media components.

The company added that while they had informed Google about the vulnerability as far back as the summer of 2018, the internet company only took out the affected apps. The malicious app itself exists on all Android versions. 

Promon initially found 36 apps on the Google Play Store which, when installed, load additional apps onto the affected devices. These secondary apps are the ones that activate the StrandHogg malware.

“The specific malware sample which Promon analyzed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play. These apps have now been removed, but in spite of Google’s Play Protect security suite, dropper apps continue to be published and frequently slip under the radar, with some being downloaded millions of times before being spotted and deleted,” Promon asserted in its release. 

Disguise is the new norm 

To be safe, the company adds that smartphone users should be wary of certain red flags when operating their phones. These include apps constantly requesting logins, person pop-ups that have app names, typos in user interfaces, malfunctioning “back” buttons, and permission requests from apps which would have no use for them (such as calculators).

These days, malicious code masking as legitimate apps or websites is becoming commonplace. This mode of operation has formed the backbone of some of the cryptocurrency industry’s top scam methods, including but not limited to ransomware and cryptojacking.

In August, cybersecurity firm Varonis released a research report on Norman, a new form of malware that, among other things, can evade a computer’s task manager software. Per the report, Norman shuts down as soon as the task manager is activated and starts again when the latter is closed.

With all of these, the demand for security has continued to skyrocket. 
