Newly discovered Android StrandHogg vulnerability exploited by malware

Newly discovered Android StrandHogg vulnerability exploited by malware

"Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company [Wultra] for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts". Lookout said that criminals used variants of the notoriously risky money-stealing application known as bankbot.

"StrandHogg (...) uses a weakness in the multitasking system of Android to enact powerful attacks that allows malicious apps to masquerade as any other app on the device". Promon is asking the vulnerability "StrandHogg", an previous Norse time period for the Viking tactic of raiding coastal areas to plunder and maintain folks for ransom. The time that the new threat has been around for is considerable, Bakken notes: " Consumers and app developers alike were exposed to various types of fraud as a result for four years. Researchers of Promon Security have found that the vulnerability is capable of infecting most of the Android versions including the latest version Android 10. The vulnerability exploits the multitasking process of the operating system. This means that, even while using a legitimate app, victims could be activating malware that shows phishing pages or asks for permissions that give cybercriminals unauthorized access to their device. "The vulnerability also allows an attacker to masquerade as almost any app in a highly believable manner", they noted. Google's been good at rooting them out and removing them, but it is an ongoing battle, the researchers say.

In a statement, Google said: "We appreciate the work of the investigators, and has suspended the application of potentially unsafe they are identified". Google Play Shield detects and blocks malicious apps, together with ones utilizing this system.

- Permissions asked from an app that shouldn't require or need the permissions it asks for.

Tech sold in Russia required to have Russian apps under law
Those with a foreign agent distinction are subject to additional government scrutiny. Putin blamed Western influence and money for those protests.

Typos and mistakes in the user interface.

Promon's chief technology officer welcomed Google's response, as he said many other applications that could potentially be exploited through spoofing bug. In addition, now, at least 36 examples of malware attacking the vulnerability as far back as 2017 have been identified-some being variants of the notorious Bankbot Trojan.

The malware sample analyzed by Promon didn't reside on Google Play but had been installed via "dropper apps/hostile downloaders" that are distributed on Google Play.

Readers are once again reminded to be highly suspicious of Android apps available both in and outside of Google Play. "The vulnerability also allows an attacker to masquerade as almost any app in a highly believable manner".

Related News:



Most liked

700,000 people will lose food stamps with USDA work requirement change
Over the past year the Agriculture Department has proposed three significant changes to the food stamp program. "Pay attention. House Republicans unsuccessfully pushed to include SNAP work requirement provisions in last year's farm bill.

Global carbon emissions set to grow more slowly in 2019, experts say
According to the study, concentrations of Carbon dioxide in the atmosphere continue to grow - projected to reach 410 parts per million averaged over the year.

Scientists slam China gene-editing study, warn of freak mutations
The scientists believe that the parents of the twins wanted to partake in this experiment for the wrong reasons. The statement that embryo editing will help millions is equal parts delusional and outrageous".

I'm A Celebrity bosses address controversy surrounding first eviction
She said the campsite had made her feel included, and she had learnt she is stronger than she first thought. I'm A Celeb's James Haskell and Cliff Parisi clashed over who should take on the latest Bushtucker Trial.

Terry Crews criticized the reaction to Gabrielle Union's "AGT" dismissal
Stern said it is "obvious" that the show consistently replaces female judges with younger and more attractive women. Meanwhile, the show's creator and host Simon Cowell , has been severely criticized and blamed for the culture.

Jay-Z’s 50th birthday celebrated with a return to Spotify
After a two-year hiatus, Shawn " Jay Z " Carter's music is back on Spotify and it's just in time for his fiftieth birthday . However, Spotify announced the news by wishing him a Happy Birthday on Twitter earlier today.

Read the legal experts' opening statements before the House Judiciary Committee
Gerhardt said. "Obstruction of justice, I think, is too clear not to include" in impeachment articles, Clyburn said. Democrats say the Republican president misused the power of his office and obstructed Congress' investigation.

US, China trade deal expected before tariff increase
Ross noted Tuesday the European Union imposes a 10% tariff on US cars, while the USA imposes a 2.5% tariff on European Union cars. President Donald Trump dashed market hopes for a quick preliminary agreement with China, driving support for safe-haven assets.

Body of missing woman found in Outback
For a few days, the group stayed close to the vehicle , surviving on the limited supplies they had packed, McBeath-Riley said. They had used up all their supplies of water, as well as some vodka drinks, biscuits and beef noodles they had in the auto .

Deliveroo ad bags 300 complaints from viewers
Therefore, according to ASA the Deliveroo ad breaches code rules and thus it shall not be broadcasted in the current form. Some 336 people said it trivialised vehicle crashes, but ASA did not consider the rules to be broken.

Bears within two games of final playoff spot
Of course like any team, hitting on their draft picks will be key, and there will also be plenty of free agents to evaluate. That closeness allows the Seahawks to fight adversity, come back from deficits and win games in the fourth quarter.

World leaders appear to mock Trump at North Atlantic Treaty Organisation reception in viral video
Trump says he called out Trudeau for not paying 2 percent of Canada gross domestic product into NATO's defense spending. Macron used the opportunity to dispute Trump's claim that the threat from Islamic State had been all but eliminated.

Australia Revokes Medical Evacuations for Offshore Detainees
He then attacked the Labor party's record on border protection, saying they had sent women and children to Manus Island . Under the offshore arrangements, there are now just over 200 people in Papua New Guinea and more than 250 on Nauru.

SpaceX, NASA gear up for space station resupply launch
Being able to do this 12 hours at a time from the exterior of the ISS will be extremely useful to the team of astronauts. That experiment is part of Anheuser-Busch's effort to make Budweiser "the first beer on Mars", according to Wired .

U.S. President Trump says UK PM Boris Johnson "very capable"
They have a very high unemployment rate in France, they are not doing well economically at all. There were no immediate details of a one-to-one meeting.