Android flaw lets hackers use fake login pages to swallow banking data

Just recently, a group of researchers from Norwegian mobile security firm Promon flagged a critical security flaw, called StrandHogg, in Android phones.

Penn State University researchers theoretically described certain aspects of the StrandHogg vulnerability in 2015, and Promon notified Google of its discovery this summer. Google has yet to plug the security hole, but said it is investigating ways to improve Google Play Protect's ability to protect users against similar issues. "An attacker can ask for access to any permission, including SMS, photos, microphone, and Global Positioning System, allowing them to read messages, view photos, eavesdrop, and track the victim's movements", researchers John Høegh-Omdal, Caner Kaya, and Markus Ottensmann at app security provider Promon say.

The company said the flaw exists in Android's multitasking system and that threat actors have been exploiting it with malicious apps that compromise legitimate apps and steal confidential login passwords, location, messages, and other private data from them.

All versions of Android are affected and all of the top 500 most popular Android apps are at risk, they found.

"By exploiting this vulnerability, a malicious app installed on the device can attack the device and trick it so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user's screen". The permissions requested typically include SMS, camera, microphone and GPS, which in turn give attackers access to the user's device.


"The attack can be created to request permissions which would be natural for different targeted apps to request, in turn lowering suspicion from victims".

"Promon identified the StrandHogg vulnerability after it was informed by an Eastern European security company [Wultra] for the financial sector (to which Promon supplies app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts". The vulnerability can also expose sensitive information when users log in through the malicious interface.

"StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted". Mobile security firm Lookout also analysed the malicious sample and confirmed that it had identified at least 36 malicious apps in the wild that are exploiting the StrandHogg vulnerability.

It is important to know that StrandHogg does not spread through applications published in the Google Play Store. Google has been good at rooting out and removing malicious apps, but it is an ongoing battle, the researchers say.
