Security researchers have found a major vulnerability in Android, which lets malware imitate legitimate apps to steal app passwords, and other sensitive data. The vulnerability is called a Strandhogg 2.0 which has been named after the Norse term from a hostile takeover. The Standhogg 2.0 has effects on all devices running Android 9.0 and earlier. According to Norweign Security Firm Promon, Strandhogg 2.0 is the “evil twin” to an earlier bug of the same name.
Strandhogg 2.0 tricks victims into thinking they’re entering their passwords on a legitimate app but they are instead interacting with a malicious overlay. Moreover, Strandhogg 2.0 has the ability to hijack other apps’ permission to steal sensitive data of users including contacts, photos and also able to access the victim’s location.
By keeping tabs on every recently opened app for the convenience of the user’s work, the user or the victim tends to download a malicious app that can exploit Strandhogg 2.0 vulnerability. After the installation process, when a user opens a legitimate app, the malicious app will hijack the legitimate apps. When the victim enters their passwords on the malicious app but thinking of entering passwords on the legitimate app, their passwords get siphoned off to the hacker’s server.
Strandhogg 2.0 will have access to a victim’s contacts, photos, and messages, even though it doesn’t need any Android permissions of other apps. The malicious app will upload data from a user’s phone and the malware can upload the entire text message conversation. In addition, the hackers will be able to defeat 2FA or MFA protections which allow the hacker to access most of the apps in the user’s phone. Once the permission is granted, the malware has the dangerous permission to get access to the victim’s data. However, Android devices have recently released new security features that will fix the vulnerability and protect the victim’s data from the Strandhogg 2.0. Thus, all android users are advised to update their phone as soon as possible.