Those now exploiting the vulnerability are doing exactly that, specifically targeting banking apps and tricking users into entering their login details on a fake login screen. The users are none the wiser, because they clicked on their real banking app. This is true across all versions of Android up to the most recent, Android 10.
"Promon researchers say that it's hard for app makers to detect if attackers are exploiting StrandHogg against their own app (s), but that the risk can be partly mitigated by setting the task affinity of all activities to "(empty string) in the application tag of AndroidManifest.xml. In addition, some examples of malware attacking the vulnerability are variants of the notorious Bankbot Trojan, evidence that attackers are aware of the vulnerability and are actively exploiting it to steal banking credentials and money.
Security firm Promon discovered the StrandHogg vulnerability, which is already being exploited in the wild.
None of those 36 apps were in the Google Play Store, but there's a twist.
The malicious code can include fake login screens that appear to be from the legitimate app but are instead generated from the malicious app. "The industry analyst firm Gartner forecasts that by 2022, at least 50% of successful attacks against clickjacking and mobile apps could have been prevented using in-app protection". Google Play Protect detects and blocks malicious apps, including ones using this technique.
The StrandHogg flaw, named after the Vikings who would raid beach towns, is pretty easy to grasp. The vulnerability would also let the hackers track infected users without their knowledge. Operating under the guise of trusted apps that are already installed, the malicious apps can then request permissions to carry out sensitive tasks, such as recording audio or video, taking photos, reading text messages or phishing login credentials.
The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legitimate apps and steal confidential login passwords, location, messages, and other private data from them. You could inadvertently give hackers almost total control over your phone. This is an OS-level flaw that, sadly, hasn't been fixed by Google in any version of Android to date, and all Android devices are exposed to it.
How does StrandHogg get all permissions?
Worryingly, it was found that most of the top 500 apps in Google Play were vulnerable to being exploited.
We've reached out to Google for comment about this Android flaw and will update this story when we receive a response.