- Security researchers have just found a vulnerability that could give cybercriminals entry to private data on Android.
- The Norwegian-based firm announced the discovery of the vulnerability, dubbed StrandHogg.
- The breach has had an impact on all versions of Android.
Security researchers at Promon have just found a significant vulnerability that could give cybercriminals the easy route to gain entry to any private data on any Android phone.
Earlier this week, the Norwegian-based security firm announced the discovery of the Android vulnerability which has been dubbed StrandHogg. The breach has had an impact on all versions of Android and has put the top 500 most popular apps at risk on the Google Play Store.
Tom Lysemose Hansen, the CTO of Promon said:
“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”
The vulnerability on Android allows malicious apps to ‘phish’ credentials of users by displaying a fake version of a login screen. Clever.
The report states:
“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”
If this wasn’t scary enough, StrandHogg can also allegedly listen to users through their microphone. Furthermore, it can supposedly read and send text messages as well as access private photos and files on the device.
It will be interesting to see how this plays out. If your an Android user you need to be careful for sure but if you use your phone for cryptocurrency means, then you need to be extra careful. You don’t want a malicious individual getting your passwords for your wallets, especially right before Christmas…
For more news on this and other crypto updates, keep it with CryptoDaily!