Anyone who thinks they can be completely safe from malicious software is, unfortunately, wrong. Even if you have a good antivirus on your device and you don’t click on anything you see on the web or in your emails, your files can still come under cyber attack. Such a scenario is even more plausible if a flaw exists in your operating system.
Promon is a company that specializes in in-app security protections. The firm recently reported a flaw in the Android operating system that allows malicious apps to perform unwanted operations.
It can show fake login pages, grant intrusive permissions, and more
The Android flaw has been named StrandHogg, and it can trick the user in various ways. One way is by granting intrusive permissions to malicious apps when the user taps and interacts with legitimate ones. StrandHogg can also be used to show fake login pages to the user in order to steal their data, which can be extremely dangerous. This is an age-old method used by cyber crooks to steal bank account information so they can gain access to other people’s online funds.
According to Promon, it identified the vulnerability “after it was informed by an Eastern European security company for the financial sector (where Promon provides app security support) that several banks in the Czech Republic had reported money disappearing from customer accounts.”
36 apps already exploited the Android shortcoming
Things get worse for Android users: 36 apps have been discovered exploiting the system flaw. Promon discovered this while partnering with Lookout, a mobile security company from the US. While we don’t know the names of the 36 apps, it’s good to know that they cannot be found on the Google Play Store.
Promon also released a video in which it explains how StrandHogg works.
[…] Unfortunately, other third-party marketplaces still host malicious apps. […]