Android's security record is once again under scrutiny. New research from Promon, a Norwegian security firm, warns of an Android flaw that is actively being exploited to steal online banking logins.
The flaw, which Promon has named “StrandHogg”, abuses the way Android’s multitasking system groups app screens (activities) into tasks: by declaring a task affinity that matches the victim app, a malicious app can place its own screen into a legitimate banking app’s task, so that a fake login screen appears in place of the real one when the user opens the bank app.
The user therefore believes they are interacting with their genuine banking app while they are actually typing their credentials into the attacker’s screen.
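The task-hijacking mechanism described above leaves a footprint in an app's manifest, which is where a reviewer would look first. The Python below is an added example, not code from the article, from Promon or from Lookout; it assumes a decoded AndroidManifest.xml (for instance, as produced by apktool) and uses a constructed sample manifest embedded in the block. It flags activities whose android:taskAffinity points outside the declaring package, or that set android:allowTaskReparenting, the two manifest attributes a StrandHogg-style activity relies on to join another app's task.

```python
"""Audit an AndroidManifest.xml for activities that can join another app's task.

Added example (not part of the article or Promon's research). The default task
affinity of an activity is its own package name; an empty string opts the
activity out of shared tasks entirely. An affinity naming some *other*
package, or allowTaskReparenting="true", lets the activity be pulled into a
foreign task, which is the behaviour StrandHogg abuses.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample: a "flashlight" app whose .FakeLogin activity asks to be
# placed in the task of a (hypothetical) banking package com.example.bank.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name=".FakeLogin"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
    <activity android:name=".Settings" android:taskAffinity=""/>
  </application>
</manifest>
"""


def _attr(elem, name):
    """Read an attribute from the android: namespace (None if absent)."""
    return elem.get(f"{{{ANDROID_NS}}}{name}")


def find_task_hijack_candidates(manifest_xml: str) -> list:
    """Return [{'activity': name, 'reasons': [...]}, ...] for suspicious activities."""
    root = ET.fromstring(manifest_xml)
    package = root.get("package", "")
    app = root.find("application")
    findings = []
    if app is None:
        return findings

    # <application android:taskAffinity=...> is inherited by every activity.
    app_affinity = _attr(app, "taskAffinity")

    for act in app.iter("activity"):
        name = _attr(act, "name") or "<unnamed>"
        affinity = _attr(act, "taskAffinity")
        if affinity is None:
            affinity = app_affinity
        reparent = (_attr(act, "allowTaskReparenting") or "false").lower() == "true"

        reasons = []
        # None -> default (own package); "" -> no shared task. Anything else
        # that is not the app's own package (or a sub-name of it) is a request
        # to join a different app's task.
        if affinity not in (None, "") and affinity != package \
                and not affinity.startswith(package + "."):
            reasons.append(f"taskAffinity={affinity!r} outside package {package!r}")
        if reparent:
            reasons.append("allowTaskReparenting=true")
        if reasons:
            findings.append({"activity": name, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_task_hijack_candidates(SAMPLE_MANIFEST):
        print(f["activity"], "->", "; ".join(f["reasons"]))
```

On the sample manifest the check reports only `.FakeLogin`; `.Settings` is skipped because an empty affinity keeps an activity out of any shared task, and `.MainActivity` simply inherits the package default. Run over a batch of decoded manifests, the same function gives a cheap triage signal for apps that declare an affinity with a package they do not own; it does not prove malice, since a few legitimate apps set cross-package affinities on purpose.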
According to the report, the vulnerability affects every version of Android, including the then-current release, Android 10. Google said it has removed the malicious apps from the Google Play Store, but the underlying flaw itself has not been fixed to date.
Promon found the flaw while investigating malware that had been used to steal funds from users’ accounts. The bug had been used to target over 60 separate financial institutions in several countries, and it has already been used to steal money from victims’ accounts on several occasions.
“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected,” said Promon CTO, Tom Lysemose Hansen.
Working together with Lookout, a US-based security firm, Promon scanned apps in Google’s Play Store and identified 36 malicious apps exploiting the “StrandHogg” flaw.
More striking still, the firm found that all of the 500 most popular apps on the Google Play Store were at risk from the flaw.
Google has since taken down the malicious apps and says it will continue investigating in order to block such apps from finding their way into the Play Store.