Newly Revealed Security Flaw Means Malware Could Steal Data From Android Devices

A newly revealed flaw in the Android operating system could allow wrongdoers to steal private information from your device. Both the malware and the theft would be next to impossible to detect. But there’s a simple way to protect yourself. First, make check if your device is running Android 10 (or higher). If yes, then you’re done because the vulnerability only affects Android 9 and earlier versions. If you have an earlier version of Android than Android 10, then make sure you’ve installed the latest security updates. Google says it has now pushed out a fix for the vulnerability.

The flaw could affect you when download a seemingly legitimate app to your device. That fake app then installs malware that acts as an intermediary between you and your real apps. The next time you open, say, your favorite social networking app or work collaboration app, the malware would pop up a fake log-in page that looks just like the real one. Suspecting nothing, you put in your username and password and other information. The malware grabs that information and sends it off to a hacker’s server for future use. Then it proceeds to connect you to the real app, which works just the same as it always has. You have no way of knowing that your information has just been stolen. The malware could also pose as another app and ask for permissions. If you grant unwittingly grant them, it could track your location, upload your photos and contacts, and track your location as well. 

Strandhogg 2.0

Promon, the Norwegian security firm that found the vulnerability calls Strandhogg 2.0. Strandhogg means “hostile takeover.” Promon says Strandhogg 2.0 is much more dangerous than the original Strandhogg vulnerability it found last year because “it allows for broader attacks and is much more difficult to detect.”

For its part, Google told TechCrunch that not only has it issued a fix for Strandhogg 2.0, but also that Play Protect, app screening software that’s built in to Android, would block users from downloading any app designed to take advantage of the Strandhogg 2.0 vulnerability.

Both Promon and Google say they have not seen any evidence of malware that exploits the Strandhogg 2.0 vulnerability. On the other hand, since such malware would be virtually undetectable, the fact it hasn’t been spotted in use isn’t quite as reassuring as it might be. You’re best off playing it safe and updating to the latest version of Android, or making sure you’ve got the latest security update installed.

Hot this week

The Quiet Dangers of Overlooking Basic Security Hygiene

Basic security hygiene prevents more breaches than advanced tools, yet most teams overlook fundamentals while chasing sophisticated threats.

Your Password Strategy Is Wrong and Making You Less Secure

The decades-old advice on password complexity is forcing users into insecure behaviors. Modern security requires a shift to passphrases, eliminating mandatory rotation, and embracing passwordless authentication.

Why API Security Is Your Biggest Unseen Threat Right Now

APIs handle most web traffic but receive minimal security attention, creating massive unseen risks that traditional web security tools completely miss.

Security Teams Are Asking the Wrong Questions About AI

Banning AI tools is a failing strategy that creates shadow IT. Security teams must pivot to enabling safe usage through approved tools, clear guidelines, and employee training.

The Illusion of Secure by Default in Modern Cloud Services

Moving to the cloud does not automatically make you secure. Default configurations often create significant risks that organizations must actively address through proper tools and processes.

Topics

The Quiet Dangers of Overlooking Basic Security Hygiene

Basic security hygiene prevents more breaches than advanced tools, yet most teams overlook fundamentals while chasing sophisticated threats.

Your Password Strategy Is Wrong and Making You Less Secure

The decades-old advice on password complexity is forcing users into insecure behaviors. Modern security requires a shift to passphrases, eliminating mandatory rotation, and embracing passwordless authentication.

Why API Security Is Your Biggest Unseen Threat Right Now

APIs handle most web traffic but receive minimal security attention, creating massive unseen risks that traditional web security tools completely miss.

Security Teams Are Asking the Wrong Questions About AI

Banning AI tools is a failing strategy that creates shadow IT. Security teams must pivot to enabling safe usage through approved tools, clear guidelines, and employee training.

The Illusion of Secure by Default in Modern Cloud Services

Moving to the cloud does not automatically make you secure. Default configurations often create significant risks that organizations must actively address through proper tools and processes.

The Hidden Costs of Automated Security Tools

Automated security tools often create more problems than they solve when implemented without strategic human oversight, leading to alert fatigue and missed threats.

The Real Problem With Security Awareness Training

Security awareness training fails because it focuses on compliance rather than behavior change. The solution involves integrating security into daily work rather than treating it as a separate activity.

The Unseen Cost of Cloud Migration

Cloud migrations create hidden security debt through rushed decisions and poor documentation, shifting rather than eliminating risk in ways teams often miss until it is too late.
spot_img

Related Articles

Popular Categories