New StrandHogg Android vulnerability Exploited

New StrandHogg Android vulnerability exploited in the wild.

Lookout identified 36 malicious apps using the new StrandHogg vulnerability.

Promon, a Norwegian firm that specializes in in-app security protections, has discovered a bug in the Android operating system.

This bug lets malicious apps hijack legitimate apps and perform malicious operations on their behalf, a report published by Promon shows.

The research team said the vulnerability can be used to trick users into granting intrusive permissions to malicious apps when they tap and interact with legitimate ones.

The vulnerability, which Promon decided to name StrandHogg, can also be used to show fake login (phishing) pages when tapping on a legitimate application.

The company said it "identified the StrandHogg vulnerability after it was informed by an Eastern European security company for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts."

Promon said its Eastern European partner provided a sample for its researchers to analyze.

Inside the sample, they discovered the StrandHogg security flaw.

Promon said it then partnered with Lookout, a US-based mobile security firm, which confirmed the vulnerability, and discovered 36 apps that were currently exploiting it in the wild.

Promon didn't list the names of the 36 apps that used the StrandHogg vulnerability, but it did say that none of these apps were available through the official Play Store -- directly.
