Android Vulnerability Allows Hackers to Steal Crypto Wallet Info

Ruben Fields
December 4, 2019

A new Android vulnerability lets malicious apps disguise themselves as legitimate ones.

The request showing up on the screen can provide attackers with access to the camera, read and send messages, record phone conversations, get location and Global Positioning System information, steal the contact list and phone logs, and extract all files and photos stored on the compromised device.

It then discovered that a total of 36 apps were exploiting the flaw to trick users into granting intrusive permissions to malicious apps - while they thought they were using a legitimate app.

Unfortunately, this is not a theoretical threat. In all, it found that 60 financial institutions had been targeted with various apps that exploited the vulnerability.

In addition to the threats listed above, an attacker could leverage StrandHogg to access a user's private photos and files, get location and Global Positioning System information, access a user's list of contacts, and sift through phone logs.

"When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps", the researchers say.

The vulnerability enables malicious apps to be disguised as legitimate ones by exploiting a bug in the Android multitasking engine.


The researchers further note that sophisticated attacks by way of StrandHogg do not require the device to be rooted. This Android vulnerability can even access sensitive information when users log in within this malicious interface.

Promon researchers say that it's hard for app makers to detect if attackers are exploiting StrandHogg against their own app(s), but that the risk can be partly mitigated by setting the task affinity of all activities to "" (empty string) in the application tag of AndroidManifest.xml.
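A way for app makers to check their own manifest against that mitigation, as an added example (not code from Promon or from the original article). It assumes a text-form AndroidManifest.xml (the source file or a decoded copy, not the binary XML inside an APK); the package and activity names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
AFFINITY = f"{{{ANDROID_NS}}}taskAffinity"
NAME = f"{{{ANDROID_NS}}}name"


def audit_task_affinity(manifest_xml):
    """Return (activity name, reason) for each activity whose effective
    taskAffinity is not the empty string."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        raise ValueError("manifest has no <application> element")
    app_affinity = app.get(AFFINITY)  # None when the attribute is absent
    findings = []
    for activity in app.findall("activity"):
        name = activity.get(NAME, "<unnamed>")
        own = activity.get(AFFINITY)
        if own is not None:
            # An activity-level value overrides the <application> value.
            if own != "":
                findings.append((name, f"overrides taskAffinity with {own!r}"))
        elif app_affinity is None:
            # Nothing set anywhere: Android defaults to the package name.
            findings.append((name, "inherits default (package name) affinity"))
        elif app_affinity != "":
            findings.append((name, f"inherits {app_affinity!r} from <application>"))
    return findings


# Constructed sample manifests (hypothetical package and activity names).
HARDENED = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.bank">
  <application android:taskAffinity="">
    <activity android:name=".LoginActivity" />
    <activity android:name=".PromoActivity" android:taskAffinity="com.example.promo" />
  </application>
</manifest>"""

# Same manifest with the application-level mitigation removed.
UNSET = HARDENED.replace(' android:taskAffinity=""', "")

if __name__ == "__main__":
    for label, xml in (("hardened", HARDENED), ("unset", UNSET)):
        print(label)
        for name, reason in audit_task_affinity(xml):
            print(f"  {name}: {reason}")
```

The hardened sample still reports `.PromoActivity`, because an activity-level `android:taskAffinity` overrides the value set on the application tag.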

Just as concerning, apps that leverage StrandHogg have been known to slip into Google Play.

These particular apps have been removed by Google, but dropper apps often bypass Google Play's protections and trick users into downloading them by pretending to have the functionality of popular apps.

Promon said the research built upon that carried out by Penn State University in 2015, which found aspects of the flaw and disclosed it to Google, but the search giant dismissed the vulnerability's severity.

"We appreciate the researchers' work", the company said, adding that "we're continuing to protect users against similar issues".

As always, users should be cautious about what apps they download and from where, what permissions the apps are requesting, and be on the lookout for any suspicious activity.
