A new vulnerability, called Strandhogg, has been found to give cyber attackers the ability to create fake login screens that can be inserted into legitimate apps to steal login details and harvest data.
Android: New StrandHogg vulnerability is being exploited in the wild
> Promon has identified a new Android OS vulnerability
> Lookout confirmed that 36 apps have used it in the wild
> StrandHogg affects all Android OS versionshttps://t.co/SVqzGNctAR pic.twitter.com/m72ddNzkoZ
— Catalin Cimpanu (@campuscodi) December 2, 2019
A fair bit of skepticism should be applied when downloading any application to your phone, but unfortunately there may be some apps that slip through and give a false sense of authenticity. When installing applications, it is important to note the permissions it is requesting. As an example, an alarm clock app requesting access to your photos or location is a huge red flag – think about what the application actually needs access to. In addition, often malicious apps can give away tell-tale signed such as a drained battery. These apps are likely to operate in the background and are constantly running in order to steal data and access files. Mobile operating systems have come a long way in terms of safety in recent years but good old fashioned vigilance and wariness will do a lot to avoid any bad actors that are taking advantage of vulnerabilities.