Published: Thu, December 05, 2019

Unpatched Android Flaw Exploited To Steal Banking Logins


"In addition, the malware exploited the vulnerability to overlay a counterfeit log-in page over a legitimate app, unbeknownst to the user, and send any credentials the user enters straight to an attacker". Although these apps have been removed, the vulnerability has not yet been fixed for any version of Android.

The vulnerability is present in a feature called TaskAffinity, a multitasking feature that allows an app to assume the identity of other apps or tasks running in the multitasking environment.
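Because the abuse described above rests on an app declaring a task affinity that belongs to another package, one practical defensive check is a static audit of decoded manifests. The following Python script is an added example written for this article, not code from Promon, Lookout or Google; it assumes a decoded AndroidManifest.xml and uses the real manifest attributes `android:taskAffinity` and `android:allowTaskReparenting`. The sample manifests embedded in it are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Android's manifest attribute namespace (real value, used by every AndroidManifest.xml)
ANDROID_NS = "http://schemas.android.com/apk/res/android"


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None if absent."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def audit_task_affinity(manifest_xml: str) -> list[dict]:
    """Flag activities whose effective task affinity points outside their own package.

    Android's default affinity is the package name; an empty string means "no affinity".
    Any other value is worth a reviewer's attention, and combining it with
    allowTaskReparenting="true" is rated higher because the activity may move itself
    into another app's task.
    """
    root = ET.fromstring(manifest_xml)
    package = root.get("package")
    app = root.find("application")
    # <application android:taskAffinity=...> sets the default for all activities
    app_affinity = _attr(app, "taskAffinity") if app is not None else None

    findings = []
    for act in root.iter("activity"):
        declared = _attr(act, "taskAffinity")
        if declared is not None:
            effective = declared
        elif app_affinity is not None:
            effective = app_affinity
        else:
            effective = package
        reparent = (_attr(act, "allowTaskReparenting") or "false").lower() == "true"
        if effective not in ("", package):
            findings.append({
                "activity": _attr(act, "name"),
                "affinity": effective,
                "reparenting": reparent,
                "severity": "high" if reparent else "medium",
            })
    return findings


# Constructed sample: one ordinary activity and one declaring a foreign affinity.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.sample">
  <application android:label="Sample">
    <activity android:name=".MainActivity" />
    <activity android:name=".OverlayActivity"
              android:taskAffinity="com.other.bank"
              android:allowTaskReparenting="true" />
  </application>
</manifest>
"""

# Constructed sample with nothing suspicious (explicit "no affinity" on one activity).
CLEAN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.clean">
  <application android:label="Clean">
    <activity android:name=".MainActivity" />
    <activity android:name=".LoginActivity" android:taskAffinity="" />
  </application>
</manifest>
"""

if __name__ == "__main__":
    for finding in audit_task_affinity(SAMPLE_MANIFEST):
        print(finding)
```

Treat a hit as a review item rather than an automatic verdict: suites of related apps from one vendor legitimately share an affinity, so the value of the check is in surfacing affinities that name a package the app has no business sharing a task with.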

Google representatives didn't respond to questions about when the flaw will be patched, how many Google Play apps were caught exploiting it, or how many end users were affected.

In a statement, Google said: "We appreciate the work of the researchers, and have suspended the potentially harmful apps they identified". This bug can be activated by a malicious app.

Also, Lookout has identified 36 malicious apps that were actively exploiting the vulnerability, among them variants of the BankBot banking Trojan observed as early as 2017.

"If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless", said Serge Egelman, director of usable security and privacy research at UC Berkeley's International Computer Science Institute, which produced the research.

Typos and mistakes appear in the user interface. And when the user taps a trusted app's icon on the screen, a malicious version starts instead.

The back button does not work as expected.

Researchers say StrandHogg allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. More than 60 financial institutions have been targeted by the technique, a survey of the Play store indicated.

Promon's chief technology officer welcomed Google's response, but said many other applications could potentially be exploited through the spoofing bug.

The problem emerged after Norwegian mobile security company Promon analysed malicious apps that had been spotted draining bank accounts.

"The specific malware sample which Promon analyzed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play", the researchers added. While Google has removed them, it isn't unusual for new malicious apps to make their way into the Google-operated service. Update: In an email sent after this post went live, a Lookout representative said none of the 36 apps it found was available in Google Play. People should also pay close attention to the permissions requested by any app.
