New Android Flaw Can Help Malware Impersonate Apps and Take Your Data

Yolanda Curtis
May 29, 2020

The malware can also reportedly meddle with application permissions, allowing it to scrape sensitive user data and even track the affected individual's real-time location.

"Malware that exploits StrandHogg 2.0 will also be harder for anti-virus and security scanners to detect and, as such, poses a significant danger to the end-user", they added.

A new Android bug was discovered by security researchers which lets malware disguised as legitimate applications to steal passwords and other sensitive user data, creating a major vulnerability in nearly every Android version.

It has also been said that Strandhogg 2.0 is more unsafe than its predecessor because of its near indetectable nature.

The flaw, assigned CVE-2020-0096, has been dubbed StrandHogg 2.0 due to the similarities with the original flaw discovered in December.

Security researchers have found a vulnerability in Android devices that could allow hackers to steal data from users by tricking them into typing passwords in illegitimate apps.

This Android bug dubbed as "StrandHogg 2.0" (CVE-2020-0096) attacks a device by showing a fake interface, which tricks users to give away sensitive information that includes private SMS messages and photos, stealing of victims' login credentials, tracking Global Positioning System movements, making and/or recording phone conversations, and spying through a phone's camera and microphone.

The good news is that Promon said it has no evidence that hackers have used the bug in active hacking campaigns.

The company which discovered Strandhogg 2.0 delayed releasing details of the bug until Google could fix the critical-rated vulnerability since Promon still considers that many hackers could use it. Google, however, has provided a patch to the Android ecosystem partners in April 2020 and for devices operating on Android 8.0, 8.1, and 9.0.

Just like its relatively less evil twin, StrandHogg 2.0 is extremely risky because it enables sophisticated attacks, even on unrooted devices.

The risk to users is likely low, but not zero. Once the victim starts to type their passwords on the fake overlay, the hacker can siphon off their sensitive information to the cyber attacker's server.

Speaking to TechCrunch, Tom Lysemose Hansen, founder and chief technology officer at Promon said the malware was even more unsafe as it's "nearly undetectable".

Late previous year, at the time of its public disclosure, researchers also confirmed that some attackers were already exploiting the flaw in the wild to steal users' banking and other login credentials, as well as to spy on their activities.

Google's spokesperson has said, "We appreciate the work of the researchers, and have released a fix for the issue they identified."

Once that permission is granted, the malicious app can upload data from a user's phone. An app screening service will block the apps trying to exploit the StrandHogg 2.0 vulnerability.

Other reports by iNewsToday