A group of researchers has discovered anew security issue inAndroidthat marks the return of the critical StrandHogg vulnerability, discovered in late 2019, with a new version more difficult to detect than that disguises almost anyappdevice to give ‘hackers’ access to sensitive information.
StrandHoggallowed ‘malware’ to present itself as a legitimate applicationmaking the user unaware that he was under attack, and Norwegian cybersecurity company Promon has now decided to name a new security bug as StrandHogg 2.0 due to its similarities, as reported in a statement.
The new vulnerability (CVE-2020-0096) has been classified by Google as“critical severity” as it does not require ‘root’ accessNo permissions to run, and it consists of an elevation of privileges that allows ‘hackers’ to gain access to almost any Android app.
However, according to Promon researchers, StrandHogg 2.0 exposes Android users to“wider attacks” and “is much more difficult to detect”than the vulnerability discovered in December.
Instead of using the multitasking functions of Android, as was the case with its predecessor,the new vulnerability works by mirroring, a technique that allows malicious applications to impersonate legitimate ones in a completely hidden way.
Using this technique,cybercriminals can use a malicious app installed on the device to gain permissions to access dataPrivate as SMS messages, images, theft of credentials, access your GPS location or spy on your calls, your camera or your microphone.
The use ofSrandHogg 2.0 also allows several attacks to be carried out simultaneously on cybercriminalsjust by clicking on the icon of a fake app in disguise, while its predecessor only allowed attacks one by one.
It is more difficult to detect also because it does not require external configuration and directly uses the Google Play code that developers use to access the permissions of mobile apps, and this is not suspicious for the security of the device.
StandHogg 2.0 does not affect the latest version of Google’s mobile operating system, Android 10, but it does affect previous versions, which according to Google dataare installed in 91.8% of Android mobilesin the world.
Google has acknowledged the presence of the vulnerability and its severity and plans to distribute a patch to fix it this May.