New Android bug allows fake apps to run instead of the real

Trojans – not such a normal thing for Android, as is commonly believed. Despite the fact that they do exist and they are clearly more than for iOS, most users of Google’s OS never them faced. This is not surprising. Just need that to download software only from Google Play and not to use third-party sources, especially if they are not checked. Indeed, the probability to obtain some kind of a malicious application are much higher there than anywhere else. But sometimes it so happens that the main danger is not even a Trojan, and the bug that it exploits.

Android is not as secure as it might seem

Did you know that your Androidsmartphone does not belong only to you?

In Android 9 Pie and earlier discovered a bug called Strandhogg 2.0, which allows fake apps to replace the original. If you do not go into the technical details of the issues that most of our readers are completely uninteresting, everything is quite simple. In that moment, when the user runs the original application – and no matter what it will be for the application — it will launch a fake, which will replace the original screen.

Fake apps for Android

The launch of this application triggers the start fake

If the attacker responsible attitude to the question and sketched the design of the original quite accurately, the user will not be able to distinguish the interface of this app from a fake. However, to copy the entire interface there is no need. Simply copy the login page where you enter your username and password, and slip her unsuspecting victim. That likely did not realize that the fake login screen, as started original application and enter your credentials, which immediately fly away attackers.

Google is making "Messages" a real analogue of iMessage for Android

Application, exploiting a bug can get into your device in many different ways, but the most common is to download it from dubious sources. Users looking for cracked versions of paid applications on the Internet, downloading a malicious program that pretends to be for what they are looking for, set on a smartphone, fail and forget about the incident. However the app remains on the device and waits for a user to run a Bank customer, social network or email, to steal access data.

We have a cool channel in Yandex.Zen. Join us.

According to researchers in the field of information security company Promon, this bug is extremely dangerous. It allows attackers to act secretly as possible, because it does not mimic the original app and not trying to clone it and just run at the time of its launch. And because of the novelty of this attack, most antivirus programs do not know how correctly to identify it and warn users about the danger of opening the cyber criminals carte Blanche. In the end, launch the fake program triggers the bug, but it does not contain any harmful elements.

Protect Android from virus

The most reliable way to protect yourself from malicious attacks is not to download apps from the Internet

Google for its part says that he knows about the bug, but the attempts at exploitation by third-party antivirus software stopped Google Play Protect, which is built into all Androidsmartphones with support for Google Mobile Services. That is, in fact, protected the vast majority of vehicles with the exception of a very small circle. Apparently, Google forgot that under her nose develops a niche of smartphones from Huawei and Honor that the Google Mobile Services does not support and therefore does not have protection mechanisms, typical for all other devices.

Google added in Android confirmation online shopping voice

I like a man that has never been the victim of Trojan, always advised to follow the permissions that you distribute svezheokrashennym applications. Because it is through them they could obtain control over the device. But applications, exploiting the bug Strandhogg 2.0, do not require permits at all, because they do not need any access to location services, nor to memory, nor to the camera. They do not do surveillance and collect credentials directly from the accounts in the interests of their creators. Therefore, it remains to use only Google Play and hope Google doesn’t lie, and Google Play Protect can indeed protect against such attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *