New ‘Strandhogg’ vulnerability targeting Android users discovered

This Android vulnerability poses as legitimate apps thereby gaining access to devices. This bug is present in all Android versions including Android 10.

By: HT CORRESPONDENT
| Updated on: Aug 20 2022, 18:10 IST
Android smartphone vulnerability.
Android smartphone vulnerability. (Pixabay)

There's a new Android vulnerability which has the best disguise of posing as legitimate apps. Security researchers from Promon have discovered the 'Strandhogg' vulnerability which has affected all Android versions including the latest Android 10.

Promon in its blog post says that the Strandhogg vulnerability has kept all top 500 popular apps at risk with 36 malicious apps already identified. Hackers also don't require root access to exploit this vulnerability in Android devices. Once hackers have access to these affected devices they can potentially get every data and more remotely.

You may be interested in

MobilesTablets Laptops
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
27% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage

The list of possible things hackers can have access to as noted by Promon researchers include listening to the user's conversations and even recording them, read and send messages, take photos, phish login credentials, access photos and files. Hackers can even get location information, access the phone contacts and call logs as well.

Also read
Looking for a smartphone? To check mobile finder click here.

Promon further explains how the malicious app poses as a legitimate one and seeks permissions from the user which are usually accepted. Most app permissions include SMS, camera, microphone and GPS which in turn gives access to hackers to the user's device. This Android vulnerability can even access sensitive information when users login within this malicious interface.

According to Promon, this malware sample made its way through dropper apps or hostile downloaders in Google Play Store which are usually missed. A recent example of this is the CamScanner app which contained a malicious module through a "Trojan Dropper". The app was even removed from Google Play.

Promon informed Google about this Android vulnerability earlier this summer. Google has removed the malicious apps but Promon says the vulnerability hasn't been fixed as yet.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 03 Dec, 18:29 IST
Tags:
NEXT ARTICLE BEGINS