strandhogg

Context:

The Union Home Ministry recently sent an alert to all States warning them about the vulnerability in the Android operating system to a bug named StrandHogg.

More about the news:

  • Malicious apps exploiting the vulnerability did not come directly through Google Play Store.
  • Instead they were installed through dropper apps distributed on Google Play. 
  • Dropper apps either have or pretend to have the functionality of popular apps so it can bypass Google Play Protect. 

Method of working of StrandHogg

  • When a user launches an app, an attacker can condition the system to display to the user a spoofed User Interface (UI) under the attacker's control instead of the real UI from the original app, without the user’s awareness. 
  • This makes all apps on the user’s device vulnerable, including the privileged system apps.
  • It can allow the attacker to listen to microphone, steal login credentials, take photos using camera, read SMS and even access photos.