Beware this new critical Android security flaw

Hanno Labuschagne


A recently discovered Android vulnerability allows malicious actors to take over legitimate apps to steal user data and gain access to a victim’s smartphone features.

The flaw was picked up by Norwegian security firm Promon and is called StrandHogg 2.0, the “evil twin” of a similar vulnerability identified in 2019.

The first StrandHogg exploit used Android’s multitasking feature taskAffinity to hijack real apps when an attacker’s crafted malware app is installed on a user’s device.
 
/snip

The new flaw no longer makes use of taskAffinity, with the attacker being able to download and deploy the code to a user’s device after the malicious app has been installed.

“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” Promon explained.

If a victim then inputs their credentials on what appears to be a legitimate login page – such as a Google or Facebook account – the details are immediately sent to the attacker.

Additionally, users can be tricked into thinking they are granting access to certain permissions to the trusted app.

For example, opening the real camera might pop up a prompt to give it permission to use a smartphone’s camera and microphone. When the user allows this, the permission is actually being granted to the attacker’s app.
 