android Archives | Vednam
https://vednam.com/tag/android/

Android bug : Strandhogg 2.0 Steals user Sensitive data
https://vednam.com/android-bug-strandhogg-2-0-steals-user-sensitive-data/
Wed, 27 May 2020 04:18:23 +0000

Researchers have found a major vulnerability in every version of Android that lets a malicious app pretend to be a legitimate app in order to steal the user’s personal information, such as passwords and other data.

The vulnerability, named Strandhogg 2.0 (after the Norse term for a hostile takeover), affects Android versions which are similar to version 9.0 or latest.

According to Norwegian security firm Promon, it is the “evil twin” of an earlier bug of the same name. The two vulnerabilities were discovered six months apart.

How does Strandhogg 2.0 trick users?

Strandhogg 2.0 works by tricking victims into believing that they are using the right app. The user then enters their password into the fake app, unaware of what the app will do next. The app can also hijack other apps’ permissions to steal sensitive user data such as photos and contacts, and to track the victim’s real-time geolocation.

The founder and chief technology officer at Promon said, “The bug is more dangerous than its predecessor because it’s undetectable.”

What is the good news?

The Promon chief said, “There is no evidence that a cyber attacker has used the bug in recent active hacking campaigns.”

What is the fear about this bug?

There is no good way to detect the attack. The fear is that the bug could still be abused by attackers in the future. An attacker could easily access all the data on your phone without you being aware of it.

Promon has declined to share more details until Google could fix this “critical”-rated vulnerability.

[Image: Strandhogg 2.0 steals user data. Source: Yahoo Finance]

A spokesperson from Google said, “The company saw no evidence of active exploitation and we appreciate the work of the researcher. We released the patch for this vulnerability. Google Play Protect, an app screening service, is built in to Android devices and basically blocks the apps that exploit the Strandhogg 2.0 vulnerability.”


How does Strandhogg 2.0 work?

It works by abusing Android’s multitasking system, which keeps track of recently opened and most-used apps so that the user can switch back and forth between them. The victim has to download a malicious app, disguised as a normal app, that can exploit the Strandhogg 2.0 vulnerability. Once it is installed, when the victim opens a legitimate app, the malicious app quickly hijacks it and injects its own malicious content in place of the real app, such as a fake login window.

When victims enter their password on the fake overlay, the password is stolen and saved to the attacker’s server. After that, the real app appears, as though the login had been real.

The worst thing is that Strandhogg 2.0 doesn’t need any Android permissions to run, and it can also hijack the permissions of other apps that have access to the victim’s data, such as contacts, photos, and messages.

If the permission is granted, the malware poses a serious risk.

Once the permission is granted, the malware can upload entire text message conversations, which also lets the attacker defeat two-factor authentication protection.

How to protect yourself?

If you don’t install the latest Android security update, your personal data is at risk of theft and you leave the door open to Strandhogg 2.0. The new Google security update can fix this vulnerability.

ESET Website under DDoS attack by Malicious Android App
https://vednam.com/eset-website-under-ddos-attack-by-malicious-android-app/
Sun, 24 May 2020 04:57:54 +0000

For the last few months, the Android Play Store has been in the news due to various malicious apps. This time no user has been harmed, but the website of security firm ESET was the target of a DDoS attack.

DDoS attack on ESET

According to sources, ESET researcher Lukas revealed details about an Android app that was used to target the ESET website with DDoS attacks.

The app appeared as “Updates for Android”, which seems like a new update. The main thing is that it was linked with a website, i-updater.com, which was really fascinating. It seemed harmless, and that may have led to thousands of downloads.

According to ESET’s analysis, the malicious app has a built-in ability to load and execute malicious JS on the target device. This may not have been the case when it appeared online in late 2019; hence, it evaded the Google Play Store’s security.

What effect did it really have?

As a result, it turned the devices of all its users into its “botnet”. The interesting part is that it displayed ads on the devices while hiding its app icon, and in the meantime the app started downloading malicious JavaScript from the attacker’s server to run on users’ devices.

However, the ability to execute JS is what the attackers used to wage a DDoS attack.

“The DDoS attack starts with the compromised machines receiving a command to load the vulnerable script that specifies the targeted domain. When the script is loaded, the machine starts making requests to the targeted domain.”

This continued until the requests reached the ESET website, at which point the ESET team detected the source behind the attack.

Take Down the App

After finding the threat, the ESET team got in touch with Google, which eventually removed the app from the Play Store. The researcher also checked the website i-updater.com, which remained up as it was not itself malicious. When the team checked the website, it appeared as a blank page. The site had been fully cleaned, and no traces of the threat or the malicious script were found.

The conclusion was that the attacker may go underground and rebuild the site in a new form.
