Security researchers have reportedly found a major vulnerability in almost every version of Android that lets malware imitate legitimate apps to steal app passwords and other sensitive data. The vulnerability, dubbed Strandhogg 2.0 (named after the Norse term for a hostile takeover), affects all devices running Android 9.0 and earlier. It’s the “evil twin” to an earlier bug of the same name, according to Norwegian security firm Promon, which discovered both vulnerabilities six months apart. Strandhogg 2.0 works by tricking a victim into thinking they’re entering their passwords on a legitimate app while instead interacting with a malicious overlay. Strandhogg 2.0 can also hijack other app permissions to siphon off sensitive user data, such as contacts and photos, and to track a victim’s real-time location.
Experts Comments
Boris Cipot, Senior Sales Engineer, provides expert commentary at Information Security Buzz.
"The malware can be installed by so-called “dropper apps,” also known as hostile downloaders, that are distributed through Google Play...."