StrandHogg

StrandHogg is the name of a vulnerability, which affects Android devices exclusively. Often, these vulnerabilities allow attackers to gain access to information or permissions they are not supposed to have, but the case of the StrandHogg vulnerability is slightly different. This security hole may allow attackers to craft Android malware, which impersonates legitimate applications. It does not just mimic their icon and name, but it also asks for the same permissions and behaves in a way identical to the original application. What is even scarier is that the StrandHogg vulnerability has already been used on several dozen Android applications that were hosted on the Google Play Store.

The security measures that the Google Play Store employs have proven to be inefficient when it comes to blocking malware – just a few months ago, security researchers identified that the CamScanner App contained a corrupted piece of code that may have reached an estimated of 100 million Android devices. Threatening applications using the StrandHogg vulnerability also were found on the Google Play Store, but most of the samples have been taken down already. However, these cases are undeniable proof that the StrandHogg vulnerability works, and cybercriminals are aware of it.

The StrandHogg vulnerability can be used with any Android malware that the attackers have access to – it can be used to disguise rather harmless applications such as adware, but it also may be used to mask high-profile threats such as banking Trojans. Needless to say, this is a major problem since applications using the StrandHogg vulnerability are nearly impossible to distinguish, especially – they behave like the original application and do not ask for anything out of the ordinary.

Malware using the StrandHogg vulnerability will not only be found on the Google Play Store – the cybercrooks behind these campaigns also are likely to rely on fake downloads or 3rd-party application store services. The number of Android malware has been increasing over the past few years rapidly, and it is clear that cybercriminals are finding out new ways to bypass the security measures employed by software and hardware manufacturers. Using a reputable Android anti-virus product is a must if you want to keep your smartphone safe from the most modern Android malware.