Strandhogg vulnerability on Android allows malicious code to impersonate every Android application
Security firm Promon recently discovered a new vulnerability, called Strandhogg, in Android's multitasking feature. Attackers can exploit it to create malicious code that disguises itself as any other application on the device, including system applications, in order to capture users' bank account information and track their behavior.
Specifically, malware that exploits the Strandhogg vulnerability hides behind a legitimate application. When the user taps the legitimate app's icon, the malware intervenes and displays a fake interface in place of the real software. Users believe they are using the real application, which makes it easier for the malicious app to steal sensitive information, eavesdrop through the microphone, take photos remotely and record calls, then send the data to the attacker via a remote server.
The researchers said the flaw is extremely dangerous because it allows an attacker to impersonate almost any application, and it is almost impossible for users to notice.
In the demonstration video, an attacker manipulates several task state transition conditions, deceiving the system into launching a fake interface. When the victim enters personal information, the code immediately sends that information to the attacker, giving him access to any sensitive user account.
Security researchers have discovered at least 36 malicious applications that are exploiting the Strandhogg flaw. One of them is CamScanner, a PDF creation application that has been downloaded over 100 million times. However, the researchers said that there are currently about 500 common applications at risk of being impersonated.
The malicious apps have since been removed by Google, but the Strandhogg flaw has not been patched yet.
Promon recommends that, while waiting for a patch, users protect themselves by paying attention to a few small details: pop-up notifications that demand permissions but do not display the application name, an application that asks you to log in even though you are already logged in, and virtual keys (including the back key) and links that do nothing when tapped.