Recently, a security company in Norway disclosed an Android application vulnerability named after the word StrandHogg that described the Viking tactic of raiding coastal areas. This vulnerability allows hackers to steal money from users’ bank account silently, monitor their phones & message, and use the camera to take photos without users’ permission. Thankfully, Google has adopted measures to address the vulnerability and has suspended the affected applications.
As for the mysterious money disappearance from bank card, it happened at many banks in the Czech Republic. Unlawful attackers use the StrandHogg vulnerability and use malware such as the BankBot Trojan to silently steal the card balances of multiple bank users, forcing them to seek for assistance from many security service providers of Eastern European financial institutions.
StrandHogg is an application vulnerability in Android multitasking system. The exploit is based on an Android control setting called “taskAffinity”, which allows arbitrary programs, including malicious applications, to use any identity in the multitasking system at will.
Judging from the zero-day verification, the StrandHogg vulnerability does exist in Android’s multi-tasking system. Once a malicious program is installed and used, it can successfully disguise a legitimate application, gain higher permissions, steal information, or perform arbitrary malicious actions operating.
In short, if your device has this infection, a malicious application using the Strandhogg vulnerability can intercept the hijacking task and show the user a fake application interface when users click on the icon of a normal application.
At this time, you may enter your account number, password, and perform any operation with peace of mind on a false interface without any precaution. As a result, your sensitive information will be sent to the attacker as soon as it is entered. You can’t image what the hackers can do with your sensitive information. They may log into your bank account and steal money. They also can use your identity to perform illegal activities.
Hackers can make use of StrandHogg vulnerability to access your camera, microphone & location information, read SMS for privacy as well as 2FA codes via SMS, capture login credentials, and steal your private photos, videos and contacts etc. They can steal your money, abuse your identity and ruin your device. Remember to install reliable and powerful security software to protect your device.
Published by Emerson L. Sullivan & last updated on December 6, 2019 2:50 am