Strandhogg vulnerability on Android allows malicious code to impersonate every Android application

Security firm Promon recently discovered a new vulnerability, called Strandhogg, that exists in Android's multi-tasking feature. Hackers can take advantage of this vulnerability to create malicious code disguised as any other application on the device, including system applications, in order to capture users' bank account information and track their behavior.

Specifically, malware that exploits the Strandhogg vulnerability disguises itself as a legitimate application. When users tap the icon, the malware intervenes and displays a fake interface in place of the real software. This makes users think they are using the real application, making it easier for malicious apps to steal sensitive information, eavesdrop through the microphone, take photos remotely, record calls, and then send the collected data to the attacker via a remote server.

The researchers said the flaw is extremely dangerous because it allows an attacker to impersonate almost any application, and the impersonation is almost impossible for users to recognize.

In the video below, an attacker manipulates several task state transition conditions, deceiving the system into launching a fake interface. When the victim enters personal information, the code immediately sends that information to the attacker, giving him access to any sensitive user account.

Security researchers have discovered at least 36 malicious applications that are exploiting the Strandhogg flaw. One of them is CamScanner, a PDF creation application that has been downloaded over 100 million times. However, the researchers said that there are currently about 500 common applications at risk of being impersonated.

The malware has since been removed by Google, but the Strandhogg flaw has not yet been patched.

While waiting for the patch, Promon recommends that users protect themselves by paying attention to a few small details, such as pop-up notifications that demand access but do not display the application name, an application asking you to log in when you are already logged in, and virtual keys (including the back key) and links that do not work when tapped.
