perm_phone_msgConsider your business risks? Chat With US

Android ‘StrandHogg’ vulnerability allows attackers to insert fake login screens – SiliconANGLE

Cyber insurance BCyber todayJanuary 11, 2020 17

share close

A newly discovered Android vulnerability being exploited in the wild allows attackers to insert fake login screens into legitimate apps to steal credentials as well as undertake various other nefarious activities.

Detailed today by security researchers at Promon, the vulnerability, dubbed “StrandHogg,” exists as a result of the way Android handles multitasking.  Found in all versions of Android including Android 10, the vulnerability allows a malicious app installed on an Android device to trigger malicious code when a user opens another app.

The malicious code can include fake login screens that appear to be from the legitimate app but are instead generated from the malicious app. Those currently exploiting the vulnerability are doing exactly that, specifically targeting banking apps, tricking users into entering their login details on a fake login screen, the users none the wiser as they’ve clicked on their banking app.

The discovery of the vulnerability came about after Promon was contacted by a Czech bank that couldn’t work out how money was being siphoned from customer accounts. It’s now believed that up to 60 different financial institutions may be have been targeted with 36 malicious apps found to be designed to exploit StrandHogg including some in the Google Play Store.

While stealing banking login details has been the initial focus of those exploiting the vulnerability, the researchers warn that it can be used various other purposes. StrandHogg opens the door for attackers to listen to a user through a microphone, take photos using the device’s camera, read and send SMS text messages, make or record phone conversations, phish login credentials, obtain access to all files and logs on a device and finally access location and GPS information.

Craig Young, computer security researcher for enterprise cybersecurity firm Tripwire Inc.’s vulnerability and exposure research team, told SiliconANGLE that user interface redressing vulnerabilities can be particularly dangerous in mobile platforms where there are typically already fewer on-screen indicators to confirm what site a user is interacting with.

“In general, users must be careful about installing apps which request the screen overlay permission or require accessibility settings,” Young said. “Where available, users should also make sure that the ‘Verify Apps’ setting is enabled in Android’s security settings.”

Photo: Blogrepreneur/Flickr; image: Promon

Since you’re here …

Show your support for our mission by our 1-click subscribe to our YouTube Channel (below) — The more subscribers we have the more then YouTube’s algorithm promotes our content to users interested in #EnterpriseTech.  Thank you.

Support Our Mission:      to our Youtube Channel

… We’d like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at  — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.

If you like the reporting, video interviews and other ad-free content here, please take a moment to check out a sample of the video content supported by our sponsors, tweet your support, and keep coming back to SiliconANGLE.

This content was originally published here.

Written by: BCyber

Rate it
Previous post