In a recent discovery, a major vulnerability affecting every version of Android has been unearthed. It allows legitimate applications installed on the Android device to be emulated in order to steal the user's information.
StrandHogg in Norse means Hostile Takeover.
This vulnerability was not present in Google Play by default but was later installed through the dropper apps that were distributed by Google. The vulnerability, termed StrandHogg 1.0, was discovered only when an Eastern European security firm for the financial sector had been informed of several customers losing money from banks based in the Czech Republic. Since then, the affected apps have been removed by Google; however, the vulnerability remains unpatched even in Android version 10.
In the last few months, researchers have discovered a twin strand of this vulnerability and named it StrandHogg 2.0 due to its similarities with the earlier version. The newer version allows threat actors to trick their victims into thinking that they are entering their credentials in a legitimate app while they are actually interacting with a malicious overlay. This newer variant has been declared the more severe of the two, but there has been no evidence so far of it being used in the wild.
Notable Points
- Google has assigned StrandHogg 2.0 the CVE number CVE-2020-0096 and classified it as critical severity.
- StrandHogg's initial version exploits the Android control setting TaskAffinity; the second version does not show any resemblance to this feature.
- Users running Android version 9.0 or earlier are highly prone to attacks exploiting this vulnerability.
- Due to its code-based execution, StrandHogg 2.0 is extremely hard to identify.
Researchers have predicted that, in order to maximize the target area, threat actors can use both StrandHogg strands together, since the two vulnerabilities are uniquely positioned to attack different devices in different ways. Although Google has stated that Play Protect blocks the apps exploiting StrandHogg 2.0 and has issued a patch for Android 9.0, 8.1 and 8.0, other versions of Android remain vulnerable, and hence our security experts have advised users to update their devices to the latest firmware.
To read more, please check eScan Blog