If you are an Android user, you have probably been dealing with a lot of precautionary measures aimed at protecting your phone from viruses and bugs. However, there is new trouble in the house, and it won’t erase your contact list. Even worse: it will erase your bank account (or, should we say, erase the money you have). If you have a fully patched Android phone, be warned. Researchers from security firm Promon reported in a post that there is a vulnerability that enables hostile apps to present themselves as normal, fully legitimate apps and impersonate the ones you have already installed and come to trust.
Disguised as already installed, trusted apps, those hostile apps can ask you for authorization to carry out sensitive tasks such as recording video or audio, taking photos, reading text messages, or even phishing for your passwords.
Whatever You Do – Don’t Click ‘Yes’ or ‘Allow’
Lookout, a mobile security provider and Promon partner, revealed it had discovered 36 apps exploiting the spoofing vulnerability. The hostile apps included variants of the BankBot banking trojan, which has been active since 2017; apps from that malware family have repeatedly been caught getting into Google Play. However, Lookout now says that none of the 36 apps it found is currently available in Google Play.
This vulnerability is most severe in Android versions 6 through 10, which account for around 80% of Android phones worldwide.
The problem has also been traced to a function known as taskAffinity. It is a multitasking feature that lets an app assume the identity of other apps or tasks.
Promon researchers said:
“Thus the malicious activity hijacks the target’s task. The next time the target app is launched from Launcher, the hijacked task will be brought to the front and the malicious activity will be visible. The malicious app then only needs to appear like the target app to successfully launch sophisticated attacks against the user. It is possible to hijack such a task before the target app has even been installed.”
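As an added illustration of the developer-side hardening for the taskAffinity weakness described above (this is an example added here, not code from the article or from Promon): by default every activity in an Android app inherits a task affinity equal to the app's package name, and it is that shared affinity that StrandHogg-style task hijacking relies on to get a foreign activity shown on top of the legitimate app. Setting `android:taskAffinity=""` removes the shared affinity, so affinity-based task reparenting from another app no longer matches. The package name `com.example.bank` and the activity name are placeholders.

```xml
<!-- AndroidManifest.xml of a legitimate app (placeholder package name).
     Added example, not taken from the article or from Promon. -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">

    <!-- Weak (default) configuration, shown only for contrast: with no
         taskAffinity attribute, every activity inherits the affinity
         "com.example.bank" from the package name and can share a task with
         any activity that declares the same affinity.

    <application android:label="ExampleBank">
        <activity android:name=".LoginActivity" android:exported="true" />
    </application>
    -->

    <!-- Hardened configuration: an empty affinity on <application> applies to
         every activity in the app, so none of them is matched by affinity-based
         task reparenting from other apps. -->
    <application
        android:label="ExampleBank"
        android:taskAffinity="">

        <activity
            android:name=".LoginActivity"
            android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.MAIN" />
                <category android:name="android.intent.category.LAUNCHER" />
            </intent-filter>
        </activity>

    </application>
</manifest>
```

Setting the attribute at the `<application>` level rather than per activity avoids leaving one activity with the default affinity; a single overlooked activity would still be exposed.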
StrandHogg Will Raid Your Bank Account
Promon said Google has removed the apps from Google Play, but, for now, the vulnerability seems to be still present in all versions of Android. Promon has named this type of problem “StrandHogg,” a term previously used to describe the Viking tactic of raiding coasts to pillage and hold people for ransom. The real names of the malicious apps have not been disclosed.
Google representatives didn’t respond to questions about patching this flaw. They only said:
“We appreciate the researchers’ work, and have suspended the potentially harmful apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.”
Be that as it may, there are a few things alert users can do to detect hostile apps that try to exploit the vulnerability. Suspicious signs include, among others: being asked to log in again when you are already logged in, buttons that do nothing when tapped, and permission requests from an app that normally wouldn’t need them (e.g. a calculator or calendar).
So, the next time you decide to install version 148 of Candy Crush, stay alert.
Experienced creative professional focusing on financial and political analysis, editing daily newspapers and news sites, economic and political journalism, consulting, PR and marketing. Teuta’s passion is to create new opportunities and bring people together.