StrandHogg 2.0 Emerges as 'Evil Twin' to Android Threat

The vulnerability, which exists in almost every version of Android, is both more dangerous and harder to detect than its predecessor.

A newly discovered Android vulnerability could enable attackers to access most applications on a target device if exploited, researchers report. StrandHogg 2.0, which affects most versions of Android, lets malicious apps pose as legitimate apps while hiding from victims.


Promon researchers named the vulnerability for its similarities to StrandHogg, a flaw the same organization found in late 2019. StrandHogg, named after an old Norse term for a Viking coastal-raiding tactic, could enable attackers to abuse legitimate apps to deliver malware so they can track users without their knowledge. At the time it was disclosed, the flaw had been exploited in the wild and affected all versions of Android up to Android 10.


StrandHogg 2.0 does not affect devices running Android 10, though researchers note many still run older versions. They cite Google data showing that as of April 2020, 91.8% of Android users are on version 9.0 or earlier: Pie (2018), Oreo (2017), Nougat (2016), Marshmallow (2015), Lollipop (2014), KitKat (2013), Jelly Bean (2012), and Ice Cream Sandwich (2011).


Researchers have not seen any malware using StrandHogg 2.0 in the wild. However, they call this flaw the "evil twin" of its predecessor because it enables broader attacks, is harder to detect, and lets attackers take advantage of nearly any application on a target smartphone. They believe StrandHogg's operators have learned and subsequently evolved their tactics. 


The first iteration of StrandHogg exploited the Android control setting TaskAffinity. That approach takes advantage of Android's multitasking feature and leaves behind traceable pointers. The second version uses a technique that makes this threat harder for victims to detect.


StrandHogg 2.0 is executed through reflection, explains researcher J ..
