Promon security researchers have discovered a new flaw in Android smartphones. StrandHogg is said to leave all versions of Google's operating system vulnerable, which the Norwegian company specializing in cybersecurity describes as a real risk to the data of Android smartphone owners. If exploited by malware, the flaw would allow the collection of bank data, passwords, and any other file stored on the compromised smartphone.
The vulnerability is based on how Google's operating system handles multitasking. Hackers can exploit the weakness in this task management to superimpose themselves on the applications users believe they are opening, and from there request access permissions to features of the smartphone. Believing that these are legitimate requests from their applications, owners grant access and so allow the malicious software to deploy on their phone. The attackers then only have to collect the stored data for later malicious use.
With the permissions granted by the phone's owner, an attacker could display fake phishing login pages to grab sensitive data from victims, such as bank login details and other credentials and/or passwords. In fact, once the StrandHogg malware is present on the phone, it can do whatever it wants there. As explained by Promon security researchers, by exploiting this vulnerability a malicious app installed on the device can attack the device and trick it so that when the icon of a legitimate app is clicked, a malicious version is displayed on the user’s screen instead.
In a recent tweet, @LukasStefanko provided a proof of concept showing how the malware was able to act as a legitimate application without the phone owner's knowledge.
Android #StrandHogg vulnerability
Vulnerability allows malicious app to masquerade as any other app on the device.
So, if you launch Facebook, malware is executed.
See video demo how it works. https://t.co/19r1vPjQPY @Promon_Shield pic.twitter.com/F4Jie8bnQ1
— Lukas Stefanko (@LukasStefanko) December 2, 2019
WHAT’S THE IMPACT?
According to Promon, nearly 500 applications available on the Play Store would be particularly vulnerable to StrandHogg malware. Warned about this new flaw, Google reacted to Promon's discovery, saying:
We appreciate the work of researchers and we suspended the potentially harmful applications they identified. In addition, we continue to investigate to improve the ability of Google Play Protect to protect users from similar issues.
When exploited by hackers, the malware is able to listen to the user through the microphone, take photos through the camera, read and send SMS messages, make and/or record phone conversations, create phishing pages to grab sensitive information as stated above, access all private photos and files on the device, get location and GPS information, and access the contact list and phone logs.