Published: Wed, December 04, 2019

Android malware: hackers can steal your bank account with this vulnerability

Security researchers say millions of Android phones are susceptible to a newly discovered vulnerability that, if exploited, could allow an attacker to spy on users through the phone's microphone, take photos with the phone's camera, read and send SMS text messages, make and record phone conversations, phish login credentials, and a host of other nefarious deeds.

Promon security researchers have uncovered a vulnerability that could allow cybercriminals to access private data on any Android phone.

Besides phishing login credentials, a malicious app can also escalate its capabilities significantly by tricking users into granting sensitive device permissions while posing as a legitimate app. "An attacker can ask for access to any permission, including SMS, photos, microphone, and Global Positioning System, allowing them to read messages, view photos, eavesdrop, and track the victim's movements".

Promon further explains how the malicious app poses as a legitimate one and requests permissions from the user, which are usually granted.

"The attack can be created to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims". Users are unaware that they are giving permission to the hacker and not the authentic app they believe they are using.

Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it "leaves most apps vulnerable to attacks". "This exploit is based on an Android control setting called 'taskAffinity' which allows any app - including malicious ones - to freely assume any identity in the multitasking system they desire", the researchers explained.

"Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company [Wultra] for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts".

Promon says in its blog post that the StrandHogg vulnerability puts all of the top 500 most popular apps at risk, and that 36 malicious apps have already been identified.

Promon hasn't listed the apps but mentions that none of them are available for download via the Play Store.

"StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted".

Promon said the research built upon that carried out by Penn State University in 2015, which found aspects of the flaw and disclosed it to Google, but the search giant dismissed the vulnerability's severity. "Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues".
