
StrandHogg – Hackers Aggressively Exploiting New Unpatched Android OS Vulnerability in Wide Using Malware

A newly discovered Android vulnerability dubbed “StrandHogg” is being exploited in the wild by unknown hackers using weaponized malware apps that pose as legitimate ones to perform various malicious activities.

The vulnerability allows attackers to infect an Android phone without root access, and it affects all Android versions, including Android 10.

Researchers confirmed that 36 malicious apps are exploiting the vulnerability, and the top 500 most used apps are at risk from it.


The StrandHogg vulnerability in Android OS was discovered by Promon, an app protection company that specializes in in-app protection for both Android and Windows.

The StrandHogg vulnerability allows a malicious app to display an Activity in the UI context of another app. This means it enables hackers to perform screen overlay attacks via a malicious banking trojan to obtain the targeted app's permissions.

Successful exploitation of StrandHogg lets hackers perform various malicious operations, including listening to the user through the microphone, phishing login credentials, accessing phone logs, getting location and GPS information, making and/or recording phone conversations, reading and sending SMS messages, taking photos through the camera, and more.

Sadly, the vulnerability has not yet been fixed for any version of Android (including Android 10).

Attackers mainly infect Android users via dropper apps distributed through Google Play. Google has removed some of the suspicious apps that posed a threat to Android users, but attackers are still introducing new dropper apps and downloaders to infect users' phones with malware.

How Hackers Exploit Android Using the StrandHogg Vulnerability

At the initial stage of infection, malicious apps posing as legitimate ones request sensitive permissions from the user, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, and more.

According to Promon research, “The attack can be designed to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims. Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.”

When the user taps the legitimate app, a malicious login page is displayed on the victim's screen instead of the legitimate app's screen; to the user it looks identical to the real one.

[Figure: StrandHogg infection process]

If the user enters sensitive data such as credentials on that screen, it is sent directly to the attackers, who can then log in to and control security-sensitive apps; afterwards, the normal legitimate screen appears.

“StrandHogg, unique because it enables sophisticated attacks without the need for a device to be rooted, uses a weakness in the multitasking system of Android to enact powerful attacks that allows malicious apps to masquerade as any other app on the device. This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire,” researchers said.

Attackers drop the malware via several hostile downloaders, and it hijacks the targeted app's task. Once the targeted app is launched by the user, the hijacked task is brought to the front and the malicious activity becomes visible.
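Because the attack hinges on the manifest attribute `android:taskAffinity` naming another app's package, an analyst triaging a dropper can flag that directly. The following is an added example (not from the article or from Promon): it scans a decoded AndroidManifest.xml for activities whose task affinity points outside the app's own package. The manifests below are constructed samples.

```python
# Added triage check (not from the article): report activities whose android:taskAffinity
# names a different package than the app's own, the StrandHogg ingredient the article describes.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"


def android_attr(elem, name):
    """Read a namespaced android:<name> attribute from a manifest element."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def foreign_affinities(manifest_xml):
    """Return (activity name, affinity) pairs for activities that claim another package's task.

    An absent affinity defaults to the app's own package; an empty string means the activity
    does not share a task at all. Neither is flagged; only an affinity naming a foreign package is.
    """
    root = ET.fromstring(manifest_xml)
    own_package = root.get("package")
    findings = []
    for activity in root.iter("activity"):
        affinity = android_attr(activity, "taskAffinity")
        if affinity in (None, "", own_package):
            continue
        findings.append((android_attr(activity, "name"), affinity))
    return findings


# Constructed sample: a dropper-style app whose overlay activity claims a banking app's task.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.dropper">
  <application>
    <activity android:name=".Main"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
  </application>
</manifest>"""

# Constructed sample: an ordinary app that keeps its activities in its own task.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
  <application>
    <activity android:name=".Main"/>
    <activity android:name=".Editor" android:taskAffinity="com.example.notes"/>
    <activity android:name=".Viewer" android:taskAffinity=""/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, foreign_affinities(manifest))
```

Run it against a manifest decoded with a tool such as apktool; any hit deserves a closer look at what that activity draws on screen.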

Finally, the malicious app impersonates the legitimate one without the user's knowledge and steals sensitive data from the compromised Android device.

Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.