Security researchers from Promon have uncovered a weakness affecting Android globally, and it can reportedly allow hackers to access private banking data through an Android phone.
Promon, a Norwegian application security firm, disclosed on December 2 that its researchers had discovered a dangerous Android vulnerability, which they named StrandHogg. The vulnerability purportedly affects all Android versions and has put the top 500 most sought-after Android apps at risk.
Promon's CTO, Lysemose Hansen, noted that the firm has tangible evidence that cybercriminals are exploiting StrandHogg to steal private data. The potential impact of this vulnerability could be exceptional in terms of scale and the amount of damage caused, since most apps are vulnerable by default and all versions of Android are affected.
How do cybercriminals use StrandHogg?
The vulnerability deceives Android device users by letting a malicious app pose as any other application, making users believe that they are using the real app. It then lets malicious apps gather users' credentials by presenting a fake, malicious version of a login screen.
According to the report, when users enter their login information into the fake login screen, the private details are immediately sent to the hacker. The information lets these hackers log in to and control security-sensitive applications.
Apart from stealing private information such as crypto wallet and login details, StrandHogg can also be used to listen to the user through the device's microphone, read and send text messages, and access all personal pictures and data on the device.
Furthermore, the researchers from Promon emphasized that they disclosed their research findings to Google last summer. Google removed the affected apps; however, it appears that the vulnerability has still not been fixed in any Android version.