The New StrandHogg 2.0 Vulnerability On Android And What You Can Do About It
Security researchers have found a new vulnerability that can be used to exploit almost every version of Android. It has been termed “StrandHogg 2.0” and it allows cybercriminals to hijack genuine Android apps to perform malicious tasks.
This vulnerability has been classified as “critical severity” (CVE-2020-0096) by Google. The primary reason behind this is the fact that it allows cybercriminals to overtake almost all available apps on the Google Play Store. In a nutshell, this design loophole allows a hacker to overlay a fake page on top of a genuine Play Store-verified app, thus tricking the user into sharing private data.
What It Looks Like
According to the latest Android version distribution statistics report, almost 91.8% of Android devices are vulnerable to attack.
Using this vulnerability, a malicious application installed on a device can attack, and trick the user by showing a fake version on the app screen. For instance, you click on the Gmail icon, and instead of the original login page, you are redirected to a fake page. You enter the credentials without realizing it and now the attacker has your login details.
This vulnerability also allows malware to show counterfeit permission windows pretending to come from legitimate applications. Requests may be similar to genuine apps asking for location access, contact or message access, thus paving the way for device takeover.
Differences Between StrandHogg And StrandHogg 2.0
StrandHogg 2.0 is an evolved version of StrandHogg. Unlike the earlier version, StrandHogg 2.0 does not require any special settings in an app’s Android Manifest package, meaning the malicious code will not be present on the Play Store, thus evading scans. This threat impacts Android versions as old as 3.0 (Honeycomb) and up to 9.0 (Pie).
The new version has a broadened impact area. It does not require root access or any other setting-specific permissions within the device. Most worrying of all, the newer version enables sophisticated malicious attacks on unrooted Android devices as well. Compared to StrandHogg, the newer version is much more difficult to identify due to its code-based execution.
Because no external set-up is necessary in order to execute this newer version, a hacker can obfuscate the attack further because code obtained from Google Play initially will not appear suspicious to developers and security teams.
How To Stay Safe
Google has released a patch with the aim of fixing this issue. Here are some ways to ensure your device and data are safe.
Download From Google Play Store
Make it a habit to download Google Play Store-verified apps only. Google carries out multiple security measures to make sure that the available apps are free of malware. Many users tend to download cracked APKs for random websites. This can lead to downloading and installing unverified apps, thus increasing the chances of malware getting onto your device.
Be Careful Of Pop Ups
The malware works by creating fake overlays of legitimate apps. When you launch an app, the code runs and it overrides the current process to place a look-alike activity page, and launches a fake activity session. Make sure to scrutinize unexpected pop-ups that do not have a name, or ones that ask you to re-login when you have already entered your credentials.
Install Antivirus Software
A mobile antivirus will provide you with an added layer of security that can help identify and block threats in real-time. Most antivirus apps also include a number of additional features that ensure added privacy, which can go a long way in keeping your mobile device protected from malware, viruses, phishing attacks, and more.
Here are the best mobile antiviruses that you can use:
- Avast - This feature-laden antivirus app ensures the safety and privacy of your mobile device around the clock. Priced at $24/month, it gives you advanced features like Wi-Fi scanner, App Advisor, device scanner, App Lock, URL Filter, Anti-theft, and more.
- Bitdefender - Priced at $15/month, it offers powerful scanning and works in the background with minimal impact on performance. It has a 100% malware detection rate, advanced features, and top-notch security.
- Norton - One of the leading security brands, Norton gives you unmatched security against threats. At $30/month, you gain access to all necessary features alongside real-time detailed scans.