A critical privilege-escalation vulnerability affecting Android devices has been found that allows attackers to hijack any app on an infected phone – potentially exposing private SMS messages and photos, login credentials, GPS movements, phone conversations and more.

The bug is dubbed the “StrandHogg 2.0” vulnerability (CVE-2020-0096) by the Promon researchers who found it, due to its similarity to the original StrandHogg bug discovered last year. As with the original, a malicious app installed on a device can hide behind legitimate apps. When a normal app icon is clicked, a malicious overlay is executed instead, which can harvest login credentials for the legitimate app.

However, version 2.0 allows for a wider range of attacks. The main difference with the new bug is that exploits are carried out through reflection, “allowing malicious apps to freely assume the identity of legitimate apps while also remaining completely hidden,” researchers explained in a white paper published on Tuesday. The original StrandHogg allowed attacks via the TaskAffinity Android control setting.

“StrandHogg 2.0…has learned how to, with the correct per-app tailored assets, dynamically attack nearly any app on a given device simultaneously at the touch of a button, unlike StrandHogg which can only attack apps one at a time,” according to the research.

Attackers would first inject their own attack activity into the original launcher activity of the apps they are targeting. The task will appear to be the original task belonging to the app; however, the attack activity that has been placed into the task is what the user will actually see when the task is activated.

“As a result, the next time the app is invoked, for instance, by a user clicking its app icon, the Android OS will evaluate the existing tasks and find the task we created,” according to the white paper. “Because it looks genuine to the app, it will bring the task we created to the foreground and with it our attack will now be activated.”

StrandHogg 2.0 Critical Bug Allows Android App Hijacking