Sunday, March 23, 2025
HomeAndroidNew Android Bug Strandhogg 2.0 Affects all Devices Running Android 9.0 and...

New Android Bug Strandhogg 2.0 Affects all Devices Running Android 9.0 and Earlier

Published on

SIEM as a Service

Follow Us on Google News

A new Android bug dubbed StrandHogg 2.0 affects all devices running Android 9.0 and earlier. The bug lets malicious apps pose a legitimate app and steal victim data.

The bug was found by the Promon researchers tracked as (CVE-2020-0096) and it is similar to the original StrandHogg bug that was discovered as last year.

StrandHogg 2.0 The ‘evil twin’

StrandHogg 2.0 app enables attackers to hijack nearly any app and to exfiltrate sensitive user data, like contacts, photos, and track a victim’s real-time location.

The Version 2.0 is different from original strandhogg, with the original version that attack is via Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.

The second version of the bug allows “executed through reflection, allowing malicious apps to freely assume the identity of legitimate apps while also remaining completely hidden.”

By using the StrandHogg 2.0, if a malicious app installed on the device it allows attackers to gain “access to private SMS messages and photos, steal victims’ login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.”

Tom Lysemose Hansen, CTO and founder of Promon said that “We see StrandHogg 2.0 as StrandHogg’s even more evil twin”.

The version 2.0 attackers nearly any app on a given device simultaneously at the touch of a button, and it is difficult to detect because of its code-based execution.

To exploit this vulnerability root access is not required, it enables sophisticated attacks, even on unrooted devices.

“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” reads the research.

If victims input the login credentials and sensitive data with the malicious app, then the details are sent to the attackers’ server.

Malware that exploits StrandHogg 2.0 is a nightmare for the users because even anti-virus and security scanners unable to detect it.

“According to data from Google, as of April 2020, 91.8% of Android active users worldwide are on version 9.0 or earlier: Pie (2018), Oreo (2017), Nougat (2016), Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012) and Ice Cream Sandwich (2011).”

Android users need to update their devices with the latest version firmware as soon as possible to protect themselves from Strandhogg 2.0 attack.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware

In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA...

Researchers Uncover FIN7’s Stealthy Python-Based Anubis Backdoor

Researchers have recently discovered a sophisticated Python-based backdoor, known as the Anubis Backdoor, deployed...

Researchers Reveal macOS Vulnerability Exposing System Passwords

A recent article by Noah Gregory has highlighted a significant vulnerability in macOS, identified...

JumpServer Flaws Allow Attackers to Bypass Authentication and Gain Full Control

JumpServer, a widely used open-source Privileged Access Management (PAM) tool developed by Fit2Cloud, has...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Attackers Leverage Weaponized CAPTCHAs to Execute PowerShell and Deploy Malware

In a recent surge of sophisticated cyberattacks, threat actors have been utilizing fake CAPTCHA...

New Steganographic Malware Hides in JPEG Files to Spread Infostealers

A recent cybersecurity threat has been identified, where steganographic malware is being distributed through...

Massive “DollyWay” Malware Attack Compromises 20,000+ WordPress Sites Worldwide

A significant malware operation, dubbed "DollyWay," has been uncovered by GoDaddy Security researchers, revealing...