This Android flaw lets hackers steal banking passwords, account money


Those apps were not in the Google Play store, but there are other vectors that could be used to get malicious apps on target devices, as well.

Hackers exploiting StrandHogg can "listen to the user through the microphone; take photos through the camera; read and send SMS messages; make and/or record phone conversations; phish login credentials; get access to all private photos and files on the device; get location and Global Positioning System information; get access to the contacts list [and] access phone logs", according to the report.

Mobile security company Lookout has identified 36 malicious apps exploiting the StrandHogg vulnerability, and among them were variants of the BankBot banking trojan.

"The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected".

A quirk in the way that Android handles multitasking on mobile devices has created a vulnerability that researchers say is being used by attackers to impersonate legitimate apps and steal user information, and in some cases money from bank accounts. Unfortunately, Google hasn't fixed the issue on any version of Android, which means that any Android user is exposed to the malware. Researchers then investigated their data transfer process after the user denied them permission to access data. Hackers also don't require root access to exploit this vulnerability in Android devices.

"By exploiting this vulnerability, a malicious app installed on the device can attack the device and trick it so that when the app icon of a legitimate app is clicked, a malicious version is instead displayed on the user's screen".

Just as concerning, apps that leverage StrandHogg have been known to slip into Google Play.

- An app or service that you're already logged into is asking for a login.
- Typos and mistakes in the user interface.
- Back button doesn't work as anticipated.

After permission is given, the app starts running normally. These codes can ask for permission or show phishing pages.

According to Techradar, Google is aware of the vulnerability, having suspended applications that were identified as malicious.

"Our researchers focused on describing the vulnerability, as such, but we also collaborated with Lookout Security who contributed some parts by scanning their datasets of malware".

"The specific malware sample which Promon analyzed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play".

"Where available, users should also make sure that the 'Verify Apps' setting is enabled in Android's security settings".
