Monday, December 9, 2019
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

December 3, 2019
in Internet Privacy
New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild
585
SHARES
3.2k
VIEWS
Share on FacebookShare on Twitter

Cybersecurity researchers have discovered a new unpatched vulnerability in the Android operating system that dozens of malicious mobile apps are already exploiting in the wild to steal users’ banking and other login credentials and spy on their activities.

Dubbed Strandhogg, the vulnerability resides in the multitasking feature of Android that can be exploited by a malicious app installed on a device to masquerade as any other app on it, including any privileged system app.

You might also like

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

Facebook Sued Chinese Firm for Hacking its Users and Running Fraud Ads

FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware

In other words, when a user taps the icon of a legitimate app, the malware exploiting the Strandhogg vulnerability can intercept and hijack this task to display a fake interface to the user instead of launching the legitimate application.

By tricking users into thinking they are using a legitimate app, the vulnerability makes it possible for malicious apps to conveniently steal users’ credentials using fake login screens, as shown in the video demonstration.

“The vulnerability allows an attacker to masquerade as nearly any app in a highly believable manner,” the researchers said.

“In this example, the attacker successfully misleads the system and launches the spoofing UI by abusing some task state transition conditions, i.e., taskAffinity and allowTaskReparenting.”

“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”

Besides phishing login credentials, a malicious app can also escalate its capabilities significantly by tricking users into granting sensitive device permissions while posing as a legitimate app.

“An attacker can ask for access to any permission, including SMS, photos, microphone, and GPS, allowing them to read messages, view photos, eavesdrop, and track the victim’s movements.”

Discovered by researchers at Norwegian security firm Promon, Strandhogg task hijacking attacks are potentially dangerous because:

  • it is almost impossible for targeted users to spot the attack,
  • it can be used to hijack the task of any app installed on a device,
  • it can be used to request any device permission fraudulently,
  • it can be exploited without root access,
  • it works on all versions of Android, and
  • it doesn’t need any special permissions on the device.

Promon spotted the vulnerability after analyzing a malicious banking Trojan app that hijacked bank accounts of several customers in the Czech Republic and stole their money.

android task hijacking vulnerability

According to the researchers, some of the identified malicious apps were also being distributed through several droppers and hostile downloader apps available on the Google Play Store.
Mobile security firm Lookout then also analysed the malicious sample and confirmed that they had identified at least 36 malicious apps in the wild that are exploiting the Strandhogg vulnerability.

Web Application Firewall

“These apps have now been removed, but in spite of Google’s Play Protect security suite, dropper apps continue to be published and frequently slip under the radar, with some being downloaded millions of times before being spotted and deleted,” researchers say.

Promon reported the Strandhogg vulnerability to the Google security team this summer and disclosed details today when the tech giant failed to patch the issue even after a 90-day disclosure timeline.

Though there is no effective and reliable way to block or detect task hijacking attacks, users can still spot such attacks by keeping an eye on discrepancies, like:

  • an app you’re already logged into is asking for a login,
  • permission popups that do not contain an app name,
  • permissions asked from an app that shouldn’t require or need the permissions it asks for,
  • buttons and links in the user interface do nothing when clicked on,
  • The back button does not work as expected.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

UK government launches antitrust investigation of Google-Looker deal

Next Post

This trojan malware is being used to steal passwords and spread ransomware

Related Posts

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections
Internet Privacy

New Linux Bug Lets Attackers Hijack Encrypted VPN Connections

December 6, 2019
Facebook Sued Chinese Firm for Hacking its Users and Running Fraud Ads
Internet Privacy

Facebook Sued Chinese Firm for Hacking its Users and Running Fraud Ads

December 6, 2019
FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware
Internet Privacy

FBI Puts $5 Million Bounty On Russian Hackers Behind Dridex Banking Malware

December 6, 2019
Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD
Internet Privacy

Severe Auth Bypass and Priv-Esc Vulnerabilities Disclosed in OpenBSD

December 5, 2019
New Iranian Data Wiper Malware Targeting Energy Sector
Internet Privacy

New Iranian Data Wiper Malware Targeting Energy Sector

December 5, 2019
Next Post
This trojan malware is being used to steal passwords and spread ransomware

This trojan malware is being used to steal passwords and spread ransomware

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Qeexo AutoML Demo: Automating Machine Learning for Embedded Devices
Machine Learning

Qeexo AutoML Demo: Automating Machine Learning for Embedded Devices

December 9, 2019
Discover how machine learning can solve finance industry challenges by Jannes Klaas
Data Science

Event Distribution as a Subject of Ontological Recognition Criteria

December 9, 2019
Why the Trail Blazers’ NBA Playoff Hopes May Be Completely Doomed
Crypto News

Why the Trail Blazers’ NBA Playoff Hopes May Be Completely Doomed

December 9, 2019
AWS SageMaker’s new machine learning IDE isn’t ready to win over data scientists
Machine Learning

AWS SageMaker’s new machine learning IDE isn’t ready to win over data scientists

December 9, 2019
US charges two members of the Dridex malware gang
Internet Security

US charges two members of the Dridex malware gang

December 9, 2019
Learn Python for data science and machine learning for just $10
Machine Learning

Learn Python for data science and machine learning for just $10

December 8, 2019
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Qeexo AutoML Demo: Automating Machine Learning for Embedded Devices December 9, 2019
  • Event Distribution as a Subject of Ontological Recognition Criteria December 9, 2019
  • Why the Trail Blazers’ NBA Playoff Hopes May Be Completely Doomed December 9, 2019
  • AWS SageMaker’s new machine learning IDE isn’t ready to win over data scientists December 9, 2019

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates