A new vulnerability has been discovered for Android smartphones potentially allowing hackers to gain access and steal cryptocurrency wallet information.
According to a report by Norwegian app security firm Promon, the Android operating system has a security flaw that allows cybercriminals to gain access to a user’s crypto wallet. The vulnerability, called StrandHogg, has infected nearly all versions of Android.
Serious Android vulnerability leaves most apps vulnerable to attacks. All versions of Android affected (incl. Android 10,) and real-life malware is currently exploiting the flaw. Learn more: https://t.co/RCJGHbjDMy #StrandHogg #Android #Vulnerability
— Promon (@Promon_Shield) December 2, 2019
Tom Lysemose Hansen, CTO for Promon, explained the severity of StrandHogg,
We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.
The report explains that StrandHogg mimics other applications on the Android phone, tricking users into opening the app and projecting a fake version of a login screen. The app is then able to phish users for their passwords and credentials, including application logins for crypto wallets.
The report continues,
When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.
Promon also claims StrandHogg is able to listen to users through the infected device’s microphone, read and send text messages, and access private photos.
Featured Image Credit: Photo via Pixabay.com
