Security researchers have discovered a new critical Android vulnerability that enables malicious apps to pose as legitimate ones and steal users’ personal data.
StrandHogg 2.0, the new vulnerability, was discovered by Norwegian infosec firm Promon. It lets a malicious app camouflage itself as a legitimate app, trick victims into entering their passwords, and steal sensitive user data.
“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” the company explained.
"If the victim then inputs their login credentials within this interface, those sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps," they added.
According to the security company, the vulnerability, named after an old Norse strategy, works as an "evil twin" of a similar vulnerability the company found in 2019.
However, while an app exploiting the original StrandHogg needs to declare taskAffinity in the Android Manifest, one exploiting the current vulnerability doesn't, making it nearly undetectable.
Moreover, the vulnerability can also hijack other app permissions to “gain access to private SMS messages and photos, steal victims’ login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.”
Fortunately, Android 10, the latest version of the operating system, is immune to the flaw. However, the vulnerability still affects devices running version 9.0 or earlier, which account for about 91.8% of Android users.
In response, Google rolled out a security fix for the flaw, tracked as CVE-2020-0096, for Android versions 8.0, 8.1, and 9 in May's Android Security Update earlier this month.
"We appreciate the work of the researchers and have released a fix for the issue they identified,” a Google spokesperson told PCMag. “Additionally, Google Play Protect detects and blocks malicious apps, including ones using this technique."
To date, Promon said, it hasn’t found any evidence indicating hackers have used the bug in active hacking campaigns. However, the security firm expects that cybercriminals will eventually take advantage of the vulnerability to launch future attacks.
As a warning, Tom Lysemose Hansen, CTO and founder of Promon, said Android users should update their devices to the latest operating system as soon as possible “to protect themselves against attacks utilizing StrandHogg 2.0.”