Malicious apps are bad enough, but what if you have one on your phone that looks just like an app you use everyday? As it turns out, researchers from the Norwegian application security firm Promon discovered an Android vulnerability that does just that.
Dubbed StrandHogg, it impacts all Android devices including the most recent versions and updates. It also reportedly “puts the top 500 most popular apps at risk” without even needing root access. If you have an Android in your pocket, you are at risk.
StrandHogg is delivered through a malicious dropper app that then downloads additional apps posing as some of your favorites. From there it will request additional permissions to your phone, allowing it to spy on your activity, steal credentials, track your location, access your data, and access features like the camera and microphone. Thirty-six known dropper apps have since been removed from the Google Play store, but even more will surely take their place.
At this time it’s unclear whether Google plans to do anything about StrandHogg. The vulnerability itself is not exactly brand new. The Promon team’s work was actually a continuation of research conducted in 2015 by a team at Penn State. Back then they proved that the vulnerability was theoretically possible, but it wasn’t enough to get Google to take it seriously. Now that it’s being actively exploited in the wild, perhaps that will change.
Despite the fact that StrandHogg impacts all 2.5 billion Android devices in use, a healthy dose of user awareness will go a long way in mitigating the risk. If an app you normally use is behaving strangely, there may be something wrong and you should stop using it immediately.
Tell-tale signs of malicious app activity include unusual permissions requests or requests that don’t include the app name; login prompts when you are already logged in; and mistakes in the interface like typos or buttons that don’t work.
Always download apps from trusted sources and even then, a quick check to make sure an app is legit can save a lot of headaches later.
Sources:
• https://lifehacker.com/how-to-tell-if-an-android-app-is-strandhoggmalware-in-1840172627