Strandhogg vulnerability on Android allows malicious code to impersonate every Android application
Security firm Promon recently discovered a new vulnerability, called Strandhogg, that exists in Android's multi-tasking feature.
Security firm Promon recently discovered a new vulnerability, called Strandhogg, that exists in Android's multi-tasking feature. Hackers can take advantage of this vulnerability to create malicious code disguised as any other application on that device, including system applications, to capture user's bank account information and track the behavior of the user. they.
Specifically, the malware that exploits the Strandhogg vulnerability will hide as a legitimate application. When users click on the icon, the malware will intervene and display a fake interface of the real software. This makes users think they are using the real application, making it easier for malicious apps to steal sensitive information from users, eavesdrop on microphones, take remote snaps, record calls . then send them. them to attacker via remote server.
The researchers said the flaw is extremely dangerous because it allows an attacker to impersonate almost all applications and users are almost unrecognizable.
In the video below, an attacker manipulates several task state transition conditions, deceiving the system and booting up a fake interface. When the victim enters personal information, the code immediately sends that information to the attacker, giving him access to any sensitive user account.
Security researchers have discovered at least 36 malicious applications that are exploiting the Strandhogg flaw. One of them is CamScanner, a PDF creation application that has been downloaded over 100 million times. However, the researchers said that there are currently about 500 common applications at risk of being impersonated.
Currently, malware has been removed by Google, but the Strandhogg flaw has not been patched yet.
As recommended by Promon, while waiting for the patch to protect themselves by paying attention to a few small details such as pop-up notifications demanding access but not displaying the application name, the application loves If you are already logged in, the virtual keys (including the back key) and the link (link) do not work when clicking .
- Warning: Operation to attack Vietnamese users through Unikey percussion
- Warning: There appears an email notification of Windows updates from a fake Microsoft that contains cyber ransomware
You should read it
- Hackers can modify Safari on macOS to steal user data
- Detect new Android malware fake system update to track and steal user information
- Warning: Android fake Uber software appears to trick user passwords
- Detecting fake 2FA security apps that can steal bank accounts on Android phones
- 23 malicious apps that steal Facebook and Instagram accounts and blackmail users, need to be removed immediately
- How to identify and avoid fake Android apps in Play Store
- Chrome and Firefox have a serious security flaw, there is no way to fix it
- 151 Android apps that steal money in your account, you should remove it immediately if you accidentally install it
- Detected 172 fake Android apps used to mine coins
- More than 4,000 Android apps reveal user information
- 9 apps that scam and steal users' Facebook accounts
- Top 5 Fake GPS Apps on Android