Android, the world's largest mobile platform, comes with its own share of dangers despite setting up stern security measures to keep risks at bay. The biggest problem Google has been facing with its mobile platform of late is the flooding of malicious apps, putting hundreds and millions of users at risk.
For the last few weeks, Android users have been put on high alert over a potential threat lurking in the app marketplace. Researchers at security firm Promon discovered an Android vulnerability, StrandHogg, that is being used to steal from users by infecting their smartphones. Now, the Threat Analytical Unit of the Indian Cyber Crime Coordination Centre, Ministry of Home Affairs, has issued a warning about popular apps affected by the nefarious malware.
"At least 500 popular apps are at risk because of this malware that hackers can deploy to attack mobile phone users. An alert has been sent to all senior police officials to sensitise them to the threat. Steps will be taken to create awareness among the public on the vulnerability of Android to 'StrandHogg'," a police official was quoted as saying by The Hindu.
What is StrandHogg?
StrandHogg is an Android malware, affecting popular mobile apps. The vulnerability affects all versions of Android, including the latest security-focused Android 10. StrandHogg malware poses as genuine apps to fool unsuspecting users and has the potential for extreme damage.
StrandHogg lurks in the shadows, making it hard to detect. The malware displays a fake screen on top of a legitimate app to request permissions, which appear to be coming from the genuine app. Once the user grants the requested permissions, they are taken to the original app, leaving no room for suspicion.
Things get serious when the malware displays a fake login screen on top of banking apps, which can be used to gather sensitive information such as login username and password. Using this, hackers could potentially drain your bank accounts.
What is at stake?
As already mentioned, hackers could obtain banking information using the StrandHogg vulnerability to steal money from users. But there's a lot more at stake even for those who do not perform mobile banking.
StrandHogg can access all private photos and files on the device, phone logs, location and GPS tags, and contact lists. It can also listen to the user by activating the microphone, take photos using the camera, read and send SMS, make phone calls and record conversations. This is a serious breach of privacy for any individual, which is why precaution is of utmost importance.
How to protect your phone from StrandHogg?
While Google has removed several apps from the Play Store after being notified by Promon, there's still a high risk from malicious apps hiding in the Play Store. Users must be vigilant and verify before granting permissions to any app. Users must always consider what the app is for and whether the permissions it requests are relevant to that purpose. For instance, a photo-editing app has no reason to ask for permission to make calls.
The biggest giveaway of a fake page is that it will have non-functional links and buttons. Checking may add an extra step to the process, but it is better to be safe than sorry.