The StrandHogg vulnerability

22:05, Wednesday, 04 December, 2019
The StrandHogg vulnerability

Promon security researchers have found proof of a dangerous Android vulnerability, dubbed ‘StrandHogg’, that allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. Lookout, a partner of Promon, confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017. *During testing, Promon researchers found that all of the 500 most popular apps (as ranked by app intelligence company 42 Matters) are vulnerable to StrandHogg. *All versions of Android affected, incl. Android 10 (note: the permission harvesting exploit is only from Android 6.0 and onwards).
     BankBot: one of the most widespread banking trojans around, with dozens of variants and close relatives springing up all the time. BankBot attacks have been detected all over the world, in the U.S., Latin America, Europe and the Asia Pacific region.

| | |
6414 | 0