
A new Android vulnerability could trick you into divulging sensitive data

StrandHogg 2.0 exploits Android's multitasking features and looks like a legitimate app.


Security firm Promon has discovered a new version of the StrandHogg bug that affects 90 percent of Android users, according to TechRadar. The malicious software works via Android's multitasking feature and makes it possible for a malicious actor to compromise a device and potentially glean sensitive information from it, like user login credentials.

How does it work? — StrandHogg 1.0 manipulates the multitasking feature in Android to create convincing overlays when users switch apps. Permissions overlays can grant hackers access to messages, photos, the microphone, and GPS location data. Login overlays, even with two-step authentication, can expose anything from your social media passwords to bank details.

Sound familiar? — StrandHogg 2.0 is virtually the same as the overlay-creating StrandHogg 1.0, but now it can’t be scanned for in the Play Store. Google didn't bother patching StrandHogg 1.0, instead choosing to search for a tell-tale section of code in Android apps, but it has already released a patch to protect users from the updated version.

StrandHogg 1.0 abuses the taskAffinity attribute in an app’s Android Manifest, which makes it easy to spot in the app’s XML file. StrandHogg 2.0 doesn’t need to declare any such attribute, so its malicious code can be downloaded to the device after the app has been installed.
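As an added example (not from the article and not Promon’s detection logic), here is a small scanner for the manifest-level trait the article says gave StrandHogg 1.0 away: activities whose android:taskAffinity names a package other than the app’s own. The sample manifest, its package names and the “foreign affinity” heuristic are all constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Constructed sample manifest (not from any real app): one activity declares a
# taskAffinity pointing at a different package, the other keeps the default.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity" />
    <activity android:name=".HiddenActivity"
              android:taskAffinity="com.bank.mobile"
              android:allowTaskReparenting="true" />
  </application>
</manifest>
"""


def find_foreign_task_affinity(manifest_xml: str) -> list[dict]:
    """Return activities whose taskAffinity names a package other than the app's own.

    Heuristic only (an assumption of this example): an activity that asks to join
    another package's task is the manifest-level trait worth flagging for review.
    """
    root = ET.fromstring(manifest_xml)
    own_package = root.get("package", "")
    findings = []
    for activity in root.iter("activity"):
        affinity = activity.get(f"{{{ANDROID_NS}}}taskAffinity")
        # A missing attribute means the default (own-package) affinity; an empty
        # string means "no affinity". Neither is a foreign-task request.
        if not affinity or affinity == own_package:
            continue
        findings.append({
            "activity": activity.get(f"{{{ANDROID_NS}}}name"),
            "taskAffinity": affinity,
            "allowTaskReparenting": activity.get(
                f"{{{ANDROID_NS}}}allowTaskReparenting") == "true",
        })
    return findings


if __name__ == "__main__":
    for hit in find_foreign_task_affinity(SAMPLE_MANIFEST):
        print(f"review: {hit['activity']} -> taskAffinity={hit['taskAffinity']}")
```

A hit is a prompt for manual review, not proof of malice: some legitimate apps set a custom taskAffinity on purpose.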

What can you do? — The updated bug doesn’t affect devices running Android 10, but users running older versions of Android — and there are plenty of them — should update their devices as soon as possible: Google released a patch for StrandHogg 2.0 in May’s Security Update.