A new vulnerability, called Strandhogg, has been found to give cyber attackers the ability to create fake login screens that can be inserted into legitimate apps to steal login details and harvest data.
https://twitter.com/campuscodi/status/1201531543841333248
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
A fair bit of skepticism should be applied when downloading any application to your phone, but unfortunately there may be some apps that slip through and give a false sense of authenticity. When installing applications, it is important to note the permissions it is requesting. As an example, an alarm clock app requesting access to your photos or location is a huge red flag – think about what the application actually needs access to. In addition, often malicious apps can give away tell-tale signed such as a drained battery. These apps are likely to operate in the background and are constantly running in order to steal data and access files. Mobile operating systems have come a long way in terms of safety in recent years but good old fashioned vigilance and wariness will do a lot to avoid any bad actors that are taking advantage of vulnerabilities.