Categories: AndroidMalware

New Android Bug Strandhogg 2.0 Affects all Devices Running Android 9.0 and Earlier

A new Android bug dubbed StrandHogg 2.0 affects all devices running Android 9.0 and earlier. The bug lets malicious apps pose a legitimate app and steal victim data.

The bug was found by the Promon researchers tracked as (CVE-2020-0096) and it is similar to the original StrandHogg bug that was discovered as last year.

StrandHogg 2.0 The ‘evil twin’

StrandHogg 2.0 app enables attackers to hijack nearly any app and to exfiltrate sensitive user data, like contacts, photos, and track a victim’s real-time location.

The Version 2.0 is different from original strandhogg, with the original version that attack is via Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.

The second version of the bug allows “executed through reflection, allowing malicious apps to freely assume the identity of legitimate apps while also remaining completely hidden.”

By using the StrandHogg 2.0, if a malicious app installed on the device it allows attackers to gain “access to private SMS messages and photos, steal victims’ login credentials, track GPS movements, make and/or record phone conversations, and spy through a phone’s camera and microphone.”

Tom Lysemose Hansen, CTO and founder of Promon said that “We see StrandHogg 2.0 as StrandHogg’s even more evil twin”.

The version 2.0 attackers nearly any app on a given device simultaneously at the touch of a button, and it is difficult to detect because of its code-based execution.

To exploit this vulnerability root access is not required, it enables sophisticated attacks, even on unrooted devices.

“By exploiting this vulnerability, a malicious app installed on a device can attack and trick the user so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user’s screen,” reads the research.

If victims input the login credentials and sensitive data with the malicious app, then the details are sent to the attackers’ server.

Malware that exploits StrandHogg 2.0 is a nightmare for the users because even anti-virus and security scanners unable to detect it.

“According to data from Google, as of April 2020, 91.8% of Android active users worldwide are on version 9.0 or earlier: Pie (2018), Oreo (2017), Nougat (2016), Marshmallow (2015), Lollipop (2014), KitKat (2013), Jellybean (2012) and Ice Cream Sandwich (2011).”

Android users need to update their devices with the latest version firmware as soon as possible to protect themselves from Strandhogg 2.0 attack.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

View Comments

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

12 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

12 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

15 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

18 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

19 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

20 hours ago