While the world awaits a patch from their phone manufacturers’ support teams, keep an eye out for suspicious signs.

A Norwegian app security company, Promon, has identified a serious Android flaw following an attack on several customer bank accounts; the firm subsequently detected a vulnerability in the Android system which they have named “StrandHogg”.

The newly-discovered flaw allows real-life malware to pose as legitimate apps, with users unaware they are being targeted. Promon scanned the top 500 most popular mobile apps in the world, and they are vulnerable to StrandHogg. StrandHogg is unique because it can be exploited with or without root access on any Android device, and it affects all versions of Android, including Android 10.

Malicious apps can take advantage of a weakness in the multitasking system of Android to masquerade as any other app on the device. This exploit is based on an Android control setting called ‘taskAffinity’, and when exploited, can be used to launch powerful attacks on affected devices. The Promon research team said it did notify the Android project of the vulnerability in the multitasking component, but Android OS developers have not fixed the issue after more than 90 days.
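
As an added illustration (not Promon's or i-Sprint's code), the following Python check audits a decoded AndroidManifest.xml for activities whose ‘taskAffinity’ names another app's package. The sample manifest and package names are constructed, and treating a foreign ‘taskAffinity’ as suspicious is this example's own heuristic, not a documented detection method.

```python
import xml.etree.ElementTree as ET

# Namespace prefix used by android:* attributes in a decoded manifest.
A = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical packages, not from a real app).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Overlay"
        android:taskAffinity="com.example.bank"
        android:allowTaskReparenting="true"/>
    <activity android:name=".Settings"
        android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".Widget" android:taskAffinity=""/>
  </application>
</manifest>"""


def audit_task_affinity(manifest_xml):
    """Return (activity, affinity, reparenting) for each activity whose
    taskAffinity points outside the app's own package namespace."""
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # An affinity set on <application> is the default for its activities.
    app_affinity = app.get(A + "taskAffinity")
    findings = []
    for tag in ("activity", "activity-alias"):
        for node in app.iter(tag):
            affinity = node.get(A + "taskAffinity", app_affinity)
            # Unset means the app's own package; "" means no affinity;
            # a leading ":" is resolved relative to the app's own package.
            if not affinity or affinity.startswith(":"):
                continue
            if affinity == own_pkg or affinity.startswith(own_pkg + "."):
                continue
            reparent = node.get(A + "allowTaskReparenting") == "true"
            findings.append((node.get(A + "name"), affinity, reparent))
    return findings


if __name__ == "__main__":
    for name, affinity, reparent in audit_task_affinity(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity={affinity} allowTaskReparenting={reparent}")
```

A finding is a prompt for manual review of the app, since an affinity outside the app's own package is unusual but not proof of malicious intent.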

How to stay alert while awaiting a security patch

Promon’s team offers users tips for telling if an app is being exploited by StrandHogg:

  • An app or service that you are already logged into is asking for you to log in
  • Permission popups that do not contain the name of the app prompting attention
  • You are being prompted to grant permissions by an app that shouldn’t require or need the permissions, such as a calculator app asking for GPS permission
  • Typographical errors and grammatical mistakes in the user interface
  • Buttons and links in the user interface that do nothing when clicked on
  • The back button or gesture does not work as expected

Further confirmation announced

i-Sprint has sampled 100 popular Android apps across APAC and found that all of them are susceptible to this vulnerability. The consequences of malware exploiting this vulnerability include theft of usernames and passwords, drained bank accounts, tracking of the victim’s movements and location, theft of private SMS messages and photos, access to the contact list and phone logs, and spying through a phone’s camera and microphone.

Dutch Ng, CEO of i-Sprint said: “As people are spending more time using their mobile devices to browse content, online shopping, transactions and so on, cyberattack cases targeting smartphone devices are also increasing. Companies need to be more alert and diligent in ensuring their apps will not be the next victim of such vulnerability.”

According to i-Sprint CTO Albert Ching, their Runtime Application Self-Protection (RASP) solution proactively protects mobile apps against various risks and attacks, including a new feature for protection against task hijacking as reported in StrandHogg. “Our existing customers were equipped with the necessary protection tool even before the announcement of the StrandHogg vulnerability. We will continue to deliver new security features to help our customers to secure and protect their mobile apps against various attacks.”

i-Sprint is currently providing a free assessment to organizations that want to find out whether their apps are susceptible to the StrandHogg vulnerability.

Stay tuned for more developments on the discovery around the world.