“StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted. To carry out attacks, the attacker doesn’t need any special permissions on the device. The vulnerability also allows an attacker to masquerade as nearly any app in a highly believable manner,” they noted.
StrandHogg allows attackers to show users fake login screens and to ask for all types of permissions that may ultimately allow them to:
- Read and send SMS messages (including those delivering second authentication factors)
- Phish login credentials
- Make and record phone conversations
- Listen to the user through the microphone
- Take photos through the device’s camera
- Get access to photos, files on the device, location and GPS information, the contacts list, phone logs, etc.
Because, according to the researchers, there’s no effective block or reliable detection method against StrandHogg on Android devices, users are advised to be on the lookout for things like:
- Permissions asked from an app that shouldn’t require or need the permissions it asks for. For example, a calculator app asking for GPS permission.
- Permission pop-ups that don’t contain an app name
- Typos and mistakes in the user interface.
- Buttons and links in the user interface that do nothing when clicked on.
- A back button that does not work as expected.
As always, you can keep yourself safer—not fully protected, but safer—by sticking to recommended apps on the Google Play Store. If an app seems suspicious in name, description, or awkwardness of reviews, do a little extra research to vet it before you slap it on your device. And resist the urge to sideload apps outside of the Google Play Store; you never know what you’re installing on your device, and you lose any potential protections Google can provide. And once a “dropper” app gets on your device, installing something that can then masquerade as a real app is all too easy.
How do I get rid of StrandHogg-exploiting apps?
If you think you’re stuck with an app that’s exploiting StrandHogg, you can always factory-reset your device. Set it up as a brand-new device, rather than restoring from a backup, and you’ll be back to square one.
Otherwise, you’ll have to figure out which app on your device is sketchy. I think the easiest way to do this is to just start from scratch or, at minimum, delete any apps on your device that you’ve previously downloaded.
You can also try installing Lookout’s Security & Antivirus app, but there’s no guarantee that it’ll be able to detect every StrandHogg-exploiting app on your device.