Security experts at Promon disclosed a vulnerability, dubbed StrandHogg, that has been exploited by tens of malicious Android apps.
The name StrandHogg comes from an old Norse term that refers to a tactic adopted by the Vikings that consists of raiding coastal areas to plunder and hold people for ransom.
The vulnerability resides in the Android’s multitasking system that could be exploited by a rogue application installed on the device to pose as a legitimate application in the attempt to harvest elevated permissions from the victims.
A rogue Android app could use the StrandHogg tactic to trick the user into granting it the permissions to control the devices.
“The vulnerability makes it possible for a malicious app to ask for permissions while pretending to be the legitimate app. An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.” reads the report.
“The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.”
The permissions granted to the app could allow spying on the user by accessing the camera and microphone, obtaining the device’s location, reading the SMSs, capturing login credentials (including 2FA codes via SMS), accessing private photos and videos, accessing contacts and call logs, and also making calls and recording the victim’s conversations.
The StrandHogg technique is unique because it allows hackers to carry out sophisticated attacks without the need for a device to be rooted.
“This exploit is based on an Android control setting called ‘ ’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.” continues the report.
The researchers have conducted research of
According to the Mobile security firm Lookout, 36 malicious apps identified by its experts exploited the vulnerability, including variants of the BankBot banking Trojan that have been spotted for the first time in 2017.
Is it possible to detect the exploitation of the Stranghodd flaw on user’s device?
Unfortunately, no. Experts explained that
(SecurityAffairs – StrandHogg flaw, Android)