StrandHogg Android Vulnerability Can Grab Wallet and Banking Information

The recently discovered vulnerability StrandHogg may give hackers access to private information stored on the phones of Android users.

StrandHogg has already been used for accessing banking data. The exploit has been documented by security company Promon and seems to affect all Android versions. Since researchers in the security field have been knowing about the StrandHogg proof-of-concept model ever since 2015, the exploit isn’t at all new.

The Dangerous StrandHogg Version Has Been on the Internet for a While

The potentially dangerous StrandHogg version has been propagating all over the internet in the past year, hidden in malware. Promon even made a page with information on it after learning how fast it spreads and how dangerous it can be. What it seems to do is interrupting the way an app flows from the moment of the launch to the one of the welcoming screen appearing. It forces the Android user to give the malware permission before letting the app run. This is what the Marketing and Communication Director at Promon, Lars Lunde Birkeland had to say about it:

“Our researchers focused on describing the vulnerability, as such, but we also collaborated with Lookout Security who contributed some parts by scanning their datasets of malware. They found 36 malicious apps that exploit the flaw. We tested the top 500 most popular apps and all of them are vulnerable.”

More than this, all Android versions, including Android 10, can be affected according to Promon.

Launched on almost any kind of phone with Android, the StrandHogg exploits and hijacks apps and sends the pop-ups that ask to have access to contacts, stored data, and location. After permission is given, the app starts running normally. Birkeland explained how it works:

“The victim clicks on the legit app but instead of being directed to the legit app the malware tricks the device to show a permission pop-up. The victim gives the malware and the attacker the permissions and then you're redirected to the legit app.”

Researchers have discovered that the Trojan program BankBot in fact used the exploit to ask for permission for intercepting messages, make calls and even lock the phone until a ransom is paid. This has raised many concerns among those who are banking with their phone or are using wallet apps. More than this, the exploit can also present a fake page for logging in with some apps on Android, yet the permissions exploit is the one more widespread.

The Vulnerability is Very Serious

Promon came across the malware when many banks from the Czech Republic started to report that their customers are having money taken from their accounts. This is what the company wrote:

“From here, through its research, Promon was able to identify the malware was being used to exploit a dangerous Android vulnerability. Lookout, a partner of Promon, also confirmed that they have identified 36 malicious apps exploiting the vulnerability. Among them were variants of the BankBot banking trojan observed as early as 2017. While Google has removed the affected apps, to the best of our knowledge, the vulnerability has not yet been fixed for any version of Android (incl. Android 10),” wrote the researchers.”

The name StrandHodd comes from an old tactic used by the Vikings to raid the coast and to kidnap people for ransom.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Oana Ularu
Oana Ularu
Curious about what’s going on with all the money in the world, Oana is bringing you the latest news in the crypto world. She’s aware of the fact that you need to know everything that’s happening on the financial scene in order to play the cryptocurrency market, so you can count on her to share with you every little detail on what matters.

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer


Please enter your comment!
Please enter your name here


Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

Bitcoin Adoption Explosion in Africa, Led by Nigeria, Kenya, and South Africa

Bitcoin continues to gain traction in Africa, with Kenya being the most bitcoin maximalist country, with 94.7% dominance. The top 10 list also contains...

DeFi App Growth Boosts Total Transactions On DApp Blockchains By $4.5B In Q2 2020: DAppRadar Report

In a report by DApp Radar, the total transactional volume on DApps touched the $12 billion mark in Q2 2020, representing a $4.5 billion...

Bitcoin to Follow the Equities Market Up or Down? One-Month Correlation Spikes to an All-Time High

Yet another week of weak price movement. The world’s leading digital asset is trading at $9,072, in red with 24 hours ‘real’ volume of just...

Public Mint Launches Its Blockchain; Over 200 Banks Plan to Support Its Digital Money

vPublic Mint, a firm founded by CNET founder Halsey Minor, has announced the launching of its ‘fiat-native’ public blockchain, which enables anyone to easily...

BTC Halving Week Brings in Record Monthly New Accounts & Doubles the Revenue for BlockFi

The past two months have been incredibly dull for the price of bitcoin, but it didn’t affect the businesses in the cryptocurrency space. The...

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today