A Norwegian security firm has unearthed a new Android security bug, dubbed Strandhogg 2.0, that lets malware imitate legitimate apps. The malware can thereby steal app passwords as well as other sensitive user data. The bug is found to affect all Android devices running Android 9. The research firm reported it to Google, which took the necessary steps and fixed the critical-rated vulnerability.
The good news is that there is no evidence that the malware has been used in active hacking campaigns. Strandhogg 2.0 works by tricking users into thinking that they are entering their password in a legitimate app, when in reality they are not. The malware can also siphon off other important user-related data such as photos, contacts, and even the victim’s real-time location.
How Does the Android Security Bug Strandhogg 2.0 Operate?
The new Android malware Strandhogg 2.0 works by abusing the Android multitasking system, which keeps track of every recently opened app so that the user can switch back and forth between them. The victim is forced to download the malicious app, which is disguised as a normal app. Once installed, the malicious app hijacks the legitimate app and displays malicious content in its place, for example a fake login window. As soon as the user enters a password on the fake overlay, the app siphons it off to the hackers’ servers.
The interesting part is that Strandhogg 2.0 does not require any Android permissions in the first place. It can also hijack the permissions of other apps to gain access to the victim’s contacts, images, and messages. Besides uploading this data, the malicious app can even upload entire text conversations, defeating two-factor authentication in the process. As of now, the only way to avoid the malicious app is to update Android devices with the latest security updates.