Android owners have had a tough year trying to keep up with the news of security vulnerabilities and malware-ridden apps. But the year isn’t over yet, and the punches keep coming. The latest Android vulnerability is a severe doozy.
It’s dubbed StrandHogg after an old Viking raiding tactic. This Android exploit mimics other legitimate apps to trick users into handing over their information. Here’s more info on how this exploit works, why it’s so dangerous, and how Android users can protect themselves from becoming its targets.
What is StrandHogg and How Does It Work?
StrandHogg can infect and gather personal information from any Android device without raising any red flags. The attacker abuses one of Android’s control settings, the “taskAffinity” parameter, to be exact. A bug in the Android multitasking interface makes this possible, and it allows attackers to assume the identity of any app on the system.
To be clear, StrandHogg isn’t an app that you can download on its own. It is code that infected or fake apps (dropper apps) use so they can mimic other legitimate apps. When installed, these apps download the StrandHogg payload, which can then exploit the vulnerability in the multitasking interface. The security firm Promon claims to have already found 36 apps on the Play Store that take advantage of StrandHogg.
What makes it so devastating is that it’s almost impossible for a device owner to realize what’s happening. You open your app, enter login details or give permissions, thinking everything is legitimate. Meanwhile, a malicious app opens, mimicking the UI and design of the real app, and gathers everything you’ve entered.
The app can ask for any permission it wants. Of course, most would ask for seemingly fitting permissions so as not to raise any alarms. The app developers can then use those permissions to eavesdrop on the user, download all their files and contacts, or read their conversations.
Another thing that makes this exploit especially dangerous is that a phone doesn’t have to be rooted for it to work. Thus, all Android owners are in danger of falling victim to StrandHogg.
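As an added example (not code from Promon or from the original article), the following Python script audits a decoded AndroidManifest.xml for activities whose taskAffinity names another app's package, which is the manifest-level trait behind the impersonation described above. The sample manifest, its package names and the "foreign namespace" heuristic are constructed assumptions; a hit is a reason to review the app, not proof of malice.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest for illustration; all package names are made up.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity" android:taskAffinity=""/>
    <activity android:name=".HelpActivity" android:taskAffinity=":help"/>
    <activity android:name=".PromoActivity"
        android:taskAffinity="com.example.bank"/>
  </application>
</manifest>"""


def is_foreign(affinity, package):
    """True if the affinity points outside the app's own package namespace."""
    if affinity == "" or affinity.startswith(":"):
        return False  # no affinity, or a name treated as local to this package
    # Assumption: names under "<package>." are the app's own custom tasks.
    return affinity != package and not affinity.startswith(package + ".")


def audit_task_affinity(manifest_xml):
    """Return one finding per activity whose effective taskAffinity is foreign."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # Activities inherit the <application> value when they set none themselves.
    inherited = app.get(ANDROID + "taskAffinity", package)
    findings = []
    for activity in app.findall("activity"):
        affinity = activity.get(ANDROID + "taskAffinity", inherited)
        if is_foreign(affinity, package):
            findings.append({
                "component": activity.get(ANDROID + "name"),
                "task_affinity": affinity,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_task_affinity(SAMPLE_MANIFEST):
        print(finding)
```

The script expects a manifest already decoded to plain XML. When the manifest comes from an untrusted APK, parse it with a hardened XML parser such as defusedxml instead of the standard library one.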
What Does This Mean for Android Owners?
As of right now, Google hasn’t yet released a patch to deal with this security issue. Of course, they have been notified of it. So, all Android owners are very much at risk of becoming targets. They risk having their private information, including internet banking login details, stolen.
As Promon CTO Tom Lysemose Hansen clarifies, “We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale, and the amount of damage caused because most apps are vulnerable by default, and all Android versions are affected.”
So far, it’s challenging to identify when StrandHogg has infected a device. It doesn’t leave any traces. There is no separate app or malware to delete. Users are usually also none the wiser because it looks like their apps are working fine. But there are a few tell-tale signs to look out for that could point to StrandHogg:
- The back button of an app doesn’t work right away.
- The app asks for permissions again or requests new permissions.
- The interface of the app looks even a little bit different than before.
How Can Android Owners Protect Themselves?
StrandHogg isn’t the only form of cyber threat that Android owners are facing right now. So, it’s best to be ready for anything.
For one, monitoring your phone for any suspicious behavior is an excellent idea. Android users can also take some precautions that will protect them from cyberattacks.
These tips might not protect against StrandHogg’s brand of exploitation. But they can limit potential exposure to apps that allow hackers to use that exploit. It will also protect against most other forms of malware and cyberattacks.
Be More Scrupulous When Downloading Apps
There is no real way to avoid StrandHogg, but Android owners can try to avoid the malicious apps that use it. Watch out for tell-tale signs of malicious apps:
- The icon of the app repeats a lot on the store
- The name of the app features a spelling mistake or unnecessary extra symbols
- The developer name looks like that of a legitimate company but with a spelling mistake
- The app doesn’t have many downloads (especially if it’s a popular app)
- The screenshots of the app were obviously photoshopped
- The app requests permissions that are irrelevant for its functionality
Only Download From the Play Store
The Google Play Store might let some dropper apps/malicious apps onto the store sometimes. But it’s still more secure than smaller marketplaces. Always look for apps at Google Play before checking alternative app stores.
Sign Up for a VPN Service
VPNs have become a must-have security ally in the fight against cyberattacks. Sure, VPN services won’t keep a malicious app from working. But they will stop outsiders from accessing your internet connection and stealing any information traveling over it.
Educate Yourself About Cyber Threats
Most Android users fail to protect their devices because they don’t know about the threats they face. Most of the StrandHogg victims still have the apps on their phones and have no idea something is wrong.
Only by educating yourself can you protect your devices from cybercriminals. Follow the tech news, learn how to recognize malicious software, and use cybersecurity software. Lack of knowledge can lead to much more dangerous threats and worse consequences.
Always Let Android Updates Download
Google hasn’t yet released an update to plug the security hole that allows StrandHogg to work. But it is crucial to make sure that you download the update when they do. So be sure to check for app updates and always install the latest security patches.
Even a legit app can expose your smartphone to security risks if you are not using its latest version. The same goes for the operating system and software you use on other devices.
Security vulnerabilities like StrandHogg will always pop up. Some are impossible to avoid. While this exploit does pose a high risk for Android owners, there are ways to mitigate the danger. Make sure to avoid malicious apps and use trusted security software to secure devices against any possible threats out there.