Cybercriminals have hit the jackpot with a risky vulnerability that breaches Android devices without rooting their operating system. Going by the name of StrandHogg, it allows malicious apps to overlay fake login screens on legitimate apps.First reported by Norwegian cybersecurity firm Promon and later confirmed by their partner firm Lookout earlier this month, the cybersecurity wing of Ministry of Home Affairs is worried how it will target Indian users.
Crux of the Matter
Researchers have discovered a new Android vulnerability that allows malware to pose as a popular app and ask for various permissions, potentially allowing hackers to listen in on users, take photos and read and send SMS messages.
This breach in security came into the top firm’s scanner when several banks in the Czech Republic reported money disappearing from their customer accounts.
36 malicious apps or dropper apps, which pretended to have the functionality of popular apps and bypassed the Google Play Protect, were removed from Google Play Store.
BBC News reported on Monday that Google is investigating the origin of the loophole because this further highlights the weakness in the multi-tasking system of Android OS. Currently, Users are just advised to be alert towards any suspicious app permissions.
Curiopedia
StrandHogg originates from the old Norse myth for a Viking tactic who loots and holds people for ransom in coastal raids. The Vikings had already developed spy networks from their many commercial encounters with vicus. These spies informed them of the local customs, the dates of religious feasts, helped with translation and indicated places to plunder and personalities to be removed. The term is used in Iceland till date. More Info
Curated Coverage
Comments