According to BBC News, Norwegian app security company Promon has identified a serious Android flaw: following an attack on several customer bank accounts, it detected a vulnerability in the Android system. Promon named the vulnerability StrandHogg; it allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. Promon scanned the top 500 most popular mobile apps in the world and found that they are vulnerable to StrandHogg.
StrandHogg is unique because it can be exploited on any Android device with or without root access, and it affects all versions of Android, including Android 10. It takes advantage of a weakness in Android's multitasking system to enact powerful attacks, allowing malicious apps to masquerade as any other app on the device. The exploit is based on an Android control setting called ‘taskAffinity’, which allows any app, including malicious ones, to freely assume any identity they desire in the multitasking system.
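A defender-side check for the ‘taskAffinity’ setting described above, added here as an illustration and not taken from Promon or i-Sprint: it reads a decoded AndroidManifest.xml and lists activities whose task affinity points at a package other than the app's own. The sample manifest and its package names are constructed, and treating any affinity outside the app's own package namespace as suspicious is an assumed heuristic.

```python
import xml.etree.ElementTree as ET

# Namespace prefix ElementTree uses for android:* attributes.
ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample of a decoded manifest; all package names are made up.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
    <activity android:name=".Settings" android:taskAffinity=""/>
    <activity android:name=".Help"
              android:taskAffinity="com.example.flashlight.help"/>
  </application>
</manifest>"""


def foreign_task_affinities(manifest_xml):
    """Return (activity, affinity) pairs whose task affinity names another app."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        # An affinity set on <application> is inherited by every activity
        # that does not declare its own.
        app_affinity = app.get(ANDROID + "taskAffinity")
        for activity in app.iter("activity"):
            affinity = activity.get(ANDROID + "taskAffinity", app_affinity)
            # None: defaults to the app's own package. "": no affinity at all.
            if not affinity:
                continue
            # Assumed heuristic: names inside the app's own namespace are benign.
            own = affinity == package or affinity.startswith(package + ".")
            if not own:
                findings.append((activity.get(ANDROID + "name"), affinity))
    return findings


if __name__ == "__main__":
    for name, affinity in foreign_task_affinities(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity points at foreign package {affinity}")
```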
Identity security firm i-Sprint has also carried out its own investigation, sampling 100 popular Android apps across APAC, and found that all of them are susceptible to this vulnerability. The consequences of malware exploiting this vulnerability include theft of usernames and passwords, draining of bank accounts, tracking of the victim’s movements and location, theft of private SMS messages and photos, access to the victim’s contact list and phone logs, and spying through the phone’s camera and microphone.