Security researchers recently reported a new Android bug that exposes a major vulnerability. The bug allows malware to pose as a legitimate app.
Researchers call the new bug Strandhogg 2.0. The bug takes its name from a Norse word meaning “hostile takeover.” It affects all smartphones running Android 9.0 and older versions.
Researchers said that the new bug is an ‘evil twin’ of an older bug that bears the same name, which is why the new bug carries the 2.0 version number. The Norwegian security firm Promon discovered both bugs, just six months apart.
How the bug works
The new Strandhogg strain builds on the capabilities of its predecessor. Security researchers claim that the new strain is more dangerous than the old one. Additionally, the bug is virtually invisible to most users, and detecting it takes considerable technical skill.
StrandHogg 2.0 – The ‘evil twin’ – New Android Vulnerability Even More Dangerous, With Attacks More Difficult to Detect Than Predecessor. Learn more: https://t.co/C6iMwMZYxW #StrandHogg #Vulnerability #Android
— Promon (@Promon_Shield) May 26, 2020
Strandhogg 2.0 uses various mechanisms to disguise itself. This is the bug’s most dangerous asset, as it tricks users by posing as a legitimate app. Once it infiltrates its target, it is capable of stealing user information and passwords.
Apart from stealing user information, it is also capable of hijacking app permissions. The bug can alter the permissions of other apps, which allows it to steal data, contacts, photos, and even GPS location.
Once the target grants permission, the malware can upload data into the target’s device. It is also capable of uploading an entire SMS conversation into the target device.
Despite the danger it poses, security researchers say that no active attacks currently use the bug. However, the researchers add that hackers could still exploit it, since it is virtually ‘invisible.’
Google in defense mode
Since the bug poses a critical risk, the researchers did not disclose it to the public until Google had been notified. It is still unclear whether Google is working on a patch.
In a statement, a Google spokesperson said:
“We appreciate the work of the researchers, and have released a fix for the issue they identified.”
The spokesperson added that Google Play Protect, a feature built into Android devices, is capable of blocking apps that exploit the Strandhogg 2.0 bug.
The risk the bug poses to users is relatively low, but not zero. Security researchers said that keeping Android devices updated is the best line of defense. Moreover, Google says that it is developing a fix for the vulnerability.
Image courtesy of Nahel Abdul Hadi/Unsplash