StrandHogg

The cyber security wing of the Ministry of Home Affairs sent an alert to all States warning them about a vulnerability in the Android operating system that allows malware applications to pose as original, legitimate apps and access user data.

  • A Norwegian In-App protection firm, Promon, found proof of this Android vulnerability, which they call StrandHogg. It allows sophisticated malware attacks.
  • Cyber attackers exploit Android’s control settings called Task Affinity and Task Reparenting, which enable any app to freely assume the identity of any other task in Android’s multi-tasking system.
  • When users launch an app, an attacker can condition the system to display to the users a spoofed User Interface (UI) under the attacker’s control instead of the real UI from the original app. This can lead to task hijacking.
  • Attackers can steal login credentials, listen through the microphone, take photos using the camera, read SMS, access photos and much more. The specific malware is installed through several dropper apps/hostile downloaders.
  • As of now, there is no detection method or effective block against StrandHogg. This could have an unprecedented, large-scale impact in terms of the amount of damage, as most apps are vulnerable by default.
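
The two settings named above appear in an app's manifest as the `android:taskAffinity` and `android:allowTaskReparenting` attributes. The following is an added example, not code from the original page or from Promon: a static review heuristic for a decoded AndroidManifest.xml that flags activities whose task affinity points outside the app's own package or that enable task reparenting. The manifest, the package names and the `audit_manifest` function are constructed for illustration, and this is manifest review, not on-device detection.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace

# Constructed sample: a decoded manifest for a hypothetical app under review.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Help"
              android:taskAffinity="com.example.flashlight.help"/>
    <activity android:name=".Overlay"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
    <activity android:name=".Settings"
              android:allowTaskReparenting="true"/>
  </application>
</manifest>"""

def audit_manifest(xml_text):
    """Map activity name -> list of task settings that deserve manual review."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    app = root.find("application")
    if app is None:
        return {}
    # Values on <application> are the defaults inherited by every activity;
    # with nothing set, the affinity defaults to the app's own package name.
    app_affinity = app.get(A + "taskAffinity", package)
    app_reparent = app.get(A + "allowTaskReparenting", "false")
    findings = {}
    for act in app.findall("activity") + app.findall("activity-alias"):
        reasons = []
        affinity = act.get(A + "taskAffinity", app_affinity)
        # Heuristic: an empty affinity means "no task affinity"; the package
        # itself or a name beneath it is treated as the app's own task.
        own = affinity in ("", package) or affinity.startswith(package + ".")
        if not own:
            reasons.append("foreign-affinity:" + affinity)
        if act.get(A + "allowTaskReparenting", app_reparent) == "true":
            reasons.append("reparenting")
        if reasons:
            findings[act.get(A + "name", "?")] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_manifest(SAMPLE_MANIFEST).items():
        print(name, reasons)
```

A finding here is a prompt for manual review, since either attribute can also have a legitimate use.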