StrandHogg Android Vulnerability Can Grab Wallet and Banking Information


StrandHogg has already been used to access banking data. The exploit has been documented by security company Promon and seems to affect all Android versions. Researchers in the security field have known about the StrandHogg proof-of-concept model since 2015, so the exploit isn't new at all.

The Dangerous StrandHogg Version Has Been on the Internet for a While

The potentially dangerous StrandHogg version has been propagating all over the internet in the past year, hidden in malware. Promon even published a page with information on it after learning how fast it spreads and how dangerous it can be. What it seems to do is interrupt the flow of an app between the moment of launch and the appearance of the welcome screen. It forces the Android user to give the malware permission before letting the app run. This is what Lars Lunde Birkeland, Marketing and Communication Director at Promon, had to say about it:

“Our researchers focused on describing the vulnerability, as such, but we also collaborated with Lookout Security who contributed some parts by scanning their datasets of malware. They found 36 malicious apps that exploit the flaw. We tested the top 500 most popular apps and all of them are vulnerable.”

Moreover, all Android versions, including Android 10, can be affected, according to Promon.

Launched on almost any kind of Android phone, StrandHogg exploits and hijacks apps and shows pop-ups that ask for access to contacts, stored data, and location. After permission is given, the app starts running normally. Birkeland explained how it works:

“The victim clicks on the legit app but instead of being directed to the legit app the malware tricks the device to show a permission pop-up. The victim gives the malware and the attacker the permissions and then you're redirected to the legit app.”

Researchers have discovered that the BankBot Trojan in fact used the exploit to ask for permission to intercept messages, make calls and even lock the phone until a ransom is paid. This has raised many concerns among those who bank on their phones or use wallet apps. In addition, the exploit can also present a fake login page for some Android apps, yet the permissions exploit is the more widespread of the two.

The Vulnerability is Very Serious

Promon came across the malware when many banks in the Czech Republic started to report that their customers were having money taken from their accounts. This is what the company wrote:

“From here, through its research, Promon was able to identify the malware was being used to exploit a dangerous Android vulnerability. Lookout, a partner of Promon, also confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017. While Google has removed the affected apps, to the best of our knowledge, the vulnerability has not yet been fixed for any version of Android (incl. Android 10),” wrote the researchers.

The name StrandHogg comes from an old tactic used by the Vikings to raid the coast and kidnap people for ransom.
