December 3, 2019 at
to the security firm, the attacker can request any permission, such as GPS, microphone, photos, or SMS. The flaw was discovered in the OS itself and can be used to deceive users into giving out sensitive information from their Android devices. Users remain vulnerable, as the malware could extract very sensitive data from their phones.
The deceit in pop-up features
Normally, permission pop-ups work as a safety feature to protect users against unauthorized access to their sensitive information. If an app requires access to any information on your phone, the permission pop-up asks you for approval. This handy tool is a good safety feature that can prevent malicious sources from automatically accessing your sensitive data.
However, the pop-up is ironically flawed. Some of the pop-ups are now doing the opposite because of the hacking overlay. Hackers now use malicious Android software to override the original permission pop-ups and replace them with fake ones. The user sees the same permission request, but the pop-up does a different thing when permission is given.
The users are deceived into thinking they are letting a legitimate site have access to their sensitive information. But in reality, the malicious app is preparing an attack on important data and information within the user’s Android device.
Promon said the attack would look very genuine to reduce any suspicion from the user. Most times, the attack requests permissions similar to requests from other genuine targeted apps. This makes it difficult to differentiate between the genuine app and a malicious one.
Also, the app can take over the permission pop-up of an Android app. In other words, the pop-up appears to come from the real Android app, but the actions taken on the phone are solely those of the malicious app. The app can also overlay look-alike login windows on a banking app or social media app to trick users into handing over their passwords.
Where the vulnerability is coming from
The vulnerability behind the fake permission pop-ups results from taskAffinity, part of Android's multitasking system. It allows a malicious app to override the activities of another app and take that app's place on the OS. The way the fake app operates makes it harder to detect and manage.
It completely takes over from the genuine app, while the user still thinks they are getting permission requests from the genuine app. After the user has granted permission, the malware goes into systems and applications within the Android device to gain access to the user's sensitive information.
Promon discovered this vulnerability after several bank customers in the Czech Republic complained that their money had mysteriously disappeared from their bank accounts. A company representative gave Promon a sample of the actual malware that took advantage of the flaw.
To execute the attack, the hackers make use of “hostile downloader” and “dropper apps” on the Google Play Store. At first, the malicious apps may appear harmless, but they start causing havoc by secretly downloading Strandhogg-based malware onto the user's Android device.
Google responds to vulnerability
Google has already reacted to the vulnerability by saying it has deleted the harmful app from its Play Store. The internet giant has also updated its software for Google Play Protect and Android to prevent apps from initiating the Strandhogg attack.
Also, Google said the company is investigating the vulnerabilities and improving the overall safety features of the Google app. Google has reiterated its desire to protect users from such exploitation. The company is still investigating in order to fix the problem permanently.
However, Promon said the OS is still vulnerable because Google hasn’t yet patched it against the Strandhogg attack. Lookout said that the companies involved had not named the apps that were involved or hacked. So, it’s still not known how far the infiltration has spread.