Android Vulnerability Allows Hackers to Steal Crypto Wallet Info

Ruben Fields
December 4, 2019

A new Android vulnerability allows malicious apps to pose as legitimate ones.

The request showing up on the screen can provide attackers with access to the camera, read and send messages, record phone conversations, get location and Global Positioning System information, steal the contact list and phone logs, and extract all files and photos stored on the compromised device.

It then discovered that a total of 36 apps were exploiting the flaw to trick users into granting intrusive permissions to malicious apps - while they thought they were using a legitimate app.

This is not a theoretical threat either, unfortunately. In all, it found that 60 financial institutions had been targeted with various apps that exploited the vulnerability.

In addition to the threats listed above, an attacker could leverage StrandHogg to access a user's private photos and files, get location and Global Positioning System information, access a user's list of contacts, and sift through phone logs.

"When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then log in to, and control, security-sensitive apps", the researchers say.

The vulnerability enables malicious apps to be disguised as legitimate ones by exploiting a bug in the Android multitasking engine.

The researchers further note that sophisticated attacks by way of StrandHogg do not require the device to be rooted. The vulnerability can even expose sensitive information when users log in within this malicious interface.

Promon researchers say that it's hard for app makers to detect if attackers are exploiting StrandHogg against their own app(s), but that the risk can be partly mitigated by setting the task affinity of all activities to "" (empty string) in the application tag of AndroidManifest.xml.
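One way an app team could check its own manifest for the setting described above, as an added example that is not code from Promon or from the article. It assumes a plain-text AndroidManifest.xml from the source tree; the package and activity names in the sample manifests are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
AFFINITY = f"{{{ANDROID_NS}}}taskAffinity"
NAME = f"{{{ANDROID_NS}}}name"

# Constructed sample manifests (hypothetical package and activity names).
OVERRIDE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application android:taskAffinity="">
    <activity android:name=".LoginActivity" />
    <activity android:name=".LegacyActivity"
              android:taskAffinity="com.example.bank.legacy" />
  </application>
</manifest>"""

UNSET_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application>
    <activity android:name=".LoginActivity" />
    <activity android:name=".SettingsActivity" android:taskAffinity="" />
  </application>
</manifest>"""


def audit_task_affinity(manifest_xml):
    """Return one finding per element whose effective taskAffinity is not ""."""
    app = ET.fromstring(manifest_xml).find("application")
    if app is None:
        return ["manifest has no <application> element"]
    findings = []
    app_affinity = app.get(AFFINITY)  # None: attribute absent, platform default applies
    if app_affinity != "":
        findings.append(f"<application>: taskAffinity={app_affinity!r}, expected ''")
    for activity in app.iter("activity"):
        own = activity.get(AFFINITY)
        # An activity without its own value inherits the <application> value.
        effective = app_affinity if own is None else own
        if effective != "":
            findings.append(
                f"<activity {activity.get(NAME)}>: taskAffinity={effective!r}, expected ''")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("override", OVERRIDE_MANIFEST), ("unset", UNSET_MANIFEST)):
        for finding in audit_task_affinity(xml_text):
            print(f"[{label}] {finding}")
```

The first sample shows the case that is easy to miss: the application tag is set correctly, but a single activity overrides it with its own non-empty affinity.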

Just as concerning, apps that leverage StrandHogg have been known to slip into Google Play.

These particular apps have been removed by Google, but dropper apps often bypass Google Play's protections and trick users into downloading them by pretending to have the functionality of popular apps.

Promon said the research built upon that carried out by Penn State University in 2015, which found aspects of the flaw and disclosed it to Google, but the search giant dismissed the vulnerability's severity.

"We appreciate the researchers' work", the company said, adding that "we're continuing to protect users against similar issues".

As always, users should be cautious about what apps they download and from where, what permissions the apps are requesting, and be on the lookout for any suspicious activity.