Yet another security breach that goes by the name of StrandHogg (in reference to a Viking war tactic) has been discovered on the Android platform by security researchers. This breach allowed hackers to develop malware capable of seizing bank IDs and passwords.
“We have hard evidence that attackers are exploiting StrandHogg to steal confidential information,” says Tom Lysemore Hanson, from security firm Promon.
The vulnerability makes it possible for a malicious app while pretending to be the legitimate app ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.
Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.
By exploiting this vulnerability, a malicious app installed on the device can attack the device and trick it so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen.
When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
