Monday, June 1, 2020

A new Android bug, StrandHogg 2.0



Lets malware pose as real apps and steal user data.

Security researchers have found a major vulnerability in almost every version of Android, which lets malware imitate legitimate apps to steal app passwords and other sensitive data.

The vulnerability, dubbed StrandHogg 2.0, affects all devices running Android 9.0 and earlier.

StrandHogg 2.0 works by tricking a victim into thinking they’re entering their passwords on a legitimate app while instead interacting with a malicious overlay.

StrandHogg 2.0 can also hijack other app permissions to siphon off sensitive user data, such as contacts and photos, and track a victim’s real-time location.

A spokesperson for Google said that the company also saw no evidence of active exploitation.

“We appreciate the work of the researchers, and have released a fix for the issue they identified.”

The spokesperson said Google Play Protect, an app screening service built into Android devices, blocks apps that exploit the StrandHogg 2.0 vulnerability.

Here’s a screen recording from a Samsung Galaxy Note8 running Android 9 Pie showing it in action.

Watch Video
