A new Android vulnerability called StrandHogg has been discovered in the wild and has been in use for some time by many nefarious actors. Its discovery has again brought the security of Android into question.
New StrandHogg Vulnerability for Android Discovered in the Wild
Security researchers at Promon, a Norwegian firm, discovered this vulnerability after an Eastern European security company for the financial sector said that several banks in the Czech Republic had reported money disappearing from customer accounts. Coincidentally, Promon provides them with application security.
The vulnerability is called StrandHogg after an Old Norse word that described the Viking tactic of raiding coastal areas to plunder and hold people for ransom.
StrandHogg is a vulnerability in the Android component that handles multitasking, the mechanism that enables the Android operating system to run multiple processes at once and switch between them once an app enters the user’s screen.
This means that a malicious app can request different permissions while claiming to be a legitimate app. It asks for permissions that would be natural for the various targeted applications to require, thereby hiding successfully in the open.
The analysis team also says that exploiting the StrandHogg vulnerability doesn’t require root access, and that all versions of Android are vulnerable to it. The team has also noted that the malware is almost impossible for users to detect because it hides so well.
According to a Google spokesperson, “We appreciate the researchers’ work and have suspended the potentially malicious apps they identified. Google Play Protect detects and blocks malicious apps, including ones using this technique.”