A vulnerability affecting millions of fully patched Android devices is now being actively exploited by malware designed to empty the bank accounts of infected users. Researchers brought the problem to light on Monday.
The vulnerability allows malicious applications to masquerade as legitimate applications that targets have already installed. It was disclosed by researchers from Promon, a security firm. The malicious app runs under the guise of a popular app that is already installed on the smartphone. After installation, these apps can request permissions to carry out sensitive tasks such as recording video or audio, taking photographs, phishing login credentials, or reading text messages.
Targets who click yes to this request risk having their private information leaked and misused. Researchers at Lookout, a mobile security provider and Promon partner, reported just last week that they had found 36 applications exploiting this spoofing vulnerability. These malicious applications include variants of the BankBot banking Trojan. BankBot has been active since 2017, and applications from this malware family have repeatedly been caught infiltrating the Google Play market.
The vulnerability is very serious in Android versions 6 through 10, which account for more than 80 percent of Android phones worldwide. Attacks against these versions allow malicious applications to request permissions while posing as legitimate applications. There is no limit on the permissions these applications can seek. They might ask for access to photos, text messages, the camera, the microphone, or GPS. The only line of defense available to users is to click “No” when the permission pop-up appears.
According to the researchers, the vulnerability lies in a function called TaskAffinity, a multitasking feature that allows applications to assume a trusted identity. According to Promon, Google has removed all the malicious applications from the Play market. However, the vulnerability remains unfixed in all Android versions. Promon named the vulnerability “StrandHogg”, an ancient name for the Viking tactic of raiding coastal areas to plunder and hold people for ransom. Google representatives have not responded regarding a patch for the flaw.