Security researchers from Promon, our Norwegian technology partner that specializes in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate apps and perform malicious operations on their behalf.

In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions to malicious apps when they tap and interact with legitimate ones. The vulnerability - which Promon named StrandHogg - can also be used to show fake login (phishing) pages when tapping on a legitimate application.

Promon said this security flaw has already been exploited in the wild by malware gangs. The company said it “identified the StrandHogg vulnerability after it was informed by an Eastern European security company for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts.”

Promon said its Eastern European partner provided a sample for its researchers to analyze, inside which they discovered the StrandHogg security flaw. Promon said it then partnered with Lookout, a US-based mobile security firm, which confirmed the vulnerability and discovered 36 apps that were currently exploiting it in the wild.

Promon didn’t list the names of the 36 apps that used the StrandHogg vulnerability, but it did say that none of these apps were available through the official Play Store directly. These 36 apps were installed on users’ devices as second-stage payloads, Promon said. Users initially installed other malicious apps from the Play Store, which then downloaded the StrandHogg-infected apps for more intrusive attacks.

The technical details of the StrandHogg vulnerability are easy to grasp, even for non-technical users. Under the hood, StrandHogg is a bug in the way the Android OS handles switching between tasks (processes) that handle different operations or applications.