cyber security awareness Malware

New Android Bug Strandhogg 2.0 Affects all Devices Running Android 9.0 and Earlier

strandhogg-2-0-affects-all-devices

New Android Bug Strandhogg 2.0 Affects all Devices Running Android 9.0 and Earlier

strandhogg-2-0-affects-all-devices

A new Android bug dubbed StrandHogg 2.0 affects all devices running Android 9.0 and earlier. The bug lets malicious apps pose a legitimate app and steal victim data.

The bug was found by the Promon researchers tracked as (CVE-2020-0096) and it is similar to the original StrandHogg bug that was discovered as last year.

StrandHogg 2.0 The ‘evil twin’

StrandHogg 2.0 app enables attackers to hijack nearly any app and to exfiltrate sensitive user data, like contacts, photos, and track a victim’s real-time location.

The Version 2.0 is different from original strandhogg, with the original version that attack is via Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.

The second version of the bug allows “executed through reflection, allowing malicious apps to freely assume the identity of legitimate apps while also remaining completely hidden.”

By using the StrandHogg 2.0, if a malicious app installed on the device it allows attackers to gain “access to private SMS messages and photos, steal victims’ login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.”

strandhogg-2-0-affects-all-devices

Tom Lysemose Hansen, CTO and founder of Promon said that “We see StrandHogg 2.0 as StrandHogg’s even more evil twin”.

The version 2.0 attackers nearly any app on a given device simultaneously at the touch of a button, and it is difficult to detect because of its code-based execution.

strandhogg-2-0-affects-all-devices

To exploit this vulnerability root access is not required, it enables sophisticated attacks, even on unrooted devices.

“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” reads the research.

If victims input the login credentials and sensitive data with the malicious app, then the details are sent to the attackers’ server.

strandhogg-2-0-affects-all-devices

Malware that exploits StrandHogg 2.0 is a nightmare for the users because even anti-virus and security scanners unable to detect it.

“According to data from Google, as of April 2020, 91.8% of Android active users worldwide are on version 9.0 or earlier: Pie (2018), Oreo (2017), Nougat (2016), Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012) and Ice Cream Sandwich (2011).”

Android users need to update their devices with the latest version firmware as soon as possible to protect themselves from Strandhogg 2.0 attack.

Article source

You can follow us on InstagramLinkedinTwitter & Reddit for daily Cybersecurity, Hacking news, and Hacking Tips & tricks updates

Take the DEMO FIRST then ENROLL

Your Information and data is 100% secure and private