Published on December 3rd, 2019

Android ‘StrandHogg’ vulnerability allows attackers to insert fake login screens


A newly discovered Android vulnerability being exploited in the wild allows attackers to insert fake login screens into legitimate apps to steal credentials as well as undertake various other nefarious activities.

Detailed today by security researchers at Promon, the vulnerability, dubbed “StrandHogg,” exists as a result of the way Android handles multitasking. Found in all versions of Android including Android 10, the vulnerability allows a malicious app installed on an Android device to trigger malicious code when a user opens another app.

The malicious code can include fake login screens that appear to belong to the legitimate app but are in fact generated by the malicious app. Those currently exploiting the vulnerability are doing exactly that, specifically targeting banking apps and tricking users into entering their login details on a fake login screen; the users are none the wiser, because they have just tapped on their own banking app.


The discovery of the vulnerability came about after Promon was contacted by a Czech bank that couldn’t work out how money was being siphoned from customer accounts. It’s now believed that up to 60 different financial institutions may have been targeted, with 36 malicious apps found to be designed to exploit StrandHogg, including some in the Google Play Store.

While stealing banking login details has been the initial focus of those exploiting the vulnerability, the researchers warn that it can be used for various other purposes. StrandHogg opens the door for attackers to listen to a user through the microphone, take photos using the device’s camera, read and send SMS text messages, make or record phone conversations, phish login credentials, obtain access to all files and logs on a device and, finally, access location and GPS information.

Craig Young, computer security researcher for enterprise cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE that user interface redressing vulnerabilities can be particularly dangerous on mobile platforms, where there are typically already fewer on-screen indicators to confirm what site or app a user is interacting with.
“In general, users must be careful about installing apps which request the screen overlay permission or require accessibility settings,” Young said. “Where available, users should also make sure that the ‘Verify Apps’ setting is enabled in Android’s security settings.”

Photo: Blogrepreneur/Flickr; image: Promon
