StrandHogg and the 36 apps that can spy on you, take photos and steal your passwords

In recent months there has been an increase in Android bugs, and we may be facing the worst of all.

StrandHogg is one of the most serious flaws of the year: it affects all versions of the operating system, including phones running Android 10, and does not require root to take control of many essential functions.

The company responsible for the discovery of StrandHogg has found at least 36 apps that can spy on you, take photos or steal your passwords by taking advantage of the vulnerability on your device.

StrandHogg allows malware to impersonate a legitimate application, so that it can spy on the user or steal user data. To give an idea of the danger, the researchers provided these key figures:

  • All Android versions are affected, including Android 10
  • The 500 most popular applications are at risk
  • Real malware is taking advantage of the vulnerability right now
  • 36 applications exploiting the vulnerability have been detected
  • The vulnerability can be exploited without root access

The problem with the vulnerability is that it allows almost any type of malware to take advantage of it. In fact, it can be used to deceive users into granting permissions to malicious applications when they interact with legitimate applications. It can also display fake login pages to steal our data (phishing).

The problem arises when the Google Play Store installs these 36 apps in the background; their names are not yet known, and they download malicious code onto our devices.

The StrandHogg vulnerability exploits a bug in the way Android manages switching between processes that perform operations or applications. Basically, we are facing a flaw in Android multitasking that allows a malicious application to activate code while the user starts a legitimate application.

The user taps a legitimate application, such as Instagram, but the malicious application takes advantage of the Android bug to execute code that activates the malware.

Researchers have analyzed the 500 most popular applications for Android and have detected that all of them are vulnerable to this fault.
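An added example, not from the original article or the researchers: the article does not name the mechanism, but public StrandHogg write-ups tie the multitasking flaw to the `taskAffinity` activity attribute, so this sketch flags activities in a decoded `AndroidManifest.xml` that claim another package's task. The manifest and package names are constructed, and the own-package prefix rule is a heuristic assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: decoded manifest of a hypothetical app (all names invented).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Overlay"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
    <activity android:name=".Settings" android:taskAffinity=""/>
    <activity android:name=".Help" android:taskAffinity=":help"/>
  </application>
</manifest>"""


def find_foreign_affinity(manifest_xml):
    """Return (activity, affinity, reparenting) for activities whose
    taskAffinity points at a package other than the app's own."""
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    findings = []
    for node in root.iter("activity"):
        affinity = node.get(ANDROID_NS + "taskAffinity")
        # Absent = defaults to own package; "" = no affinity; ":x" = own-package suffix.
        if not affinity or affinity.startswith(":"):
            continue
        # Heuristic (assumption): names under the app's own package are benign.
        if affinity == own_pkg or affinity.startswith(own_pkg + "."):
            continue
        reparent = node.get(ANDROID_NS + "allowTaskReparenting") == "true"
        findings.append((node.get(ANDROID_NS + "name"), affinity, reparent))
    return findings


if __name__ == "__main__":
    for name, affinity, reparent in find_foreign_affinity(SAMPLE_MANIFEST):
        print(f"{name}: taskAffinity={affinity} allowTaskReparenting={reparent}")
```

A hit is a reason to review the app, not proof of malice, since some apps set a custom affinity for legitimate reasons.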

Among the things StrandHogg can do are:

  • Listen to the user through the microphone
  • Take pictures through the camera
  • Read and send SMS messages
  • Make and/or record telephone conversations
  • Steal login credentials with phishing
  • Get access to all photos and private files on the device
  • Get GPS location and information
  • Get access to contacts
  • Access phone records

Andrea Leal
