Just a couple of days ago we informed you that on devices running the Green Robot “atrocities” virus which steals credit card numbers and accounts. In case you missed the news, then be sure to read it at this link, and subscribe to us in order not to miss such important things. However, we now know that this is not the only example of malicious code of this kind. Yes, you understood correctly. On Android seen another virus that steals money right from under the nose of the user.
Like viruses stealing money from the accounts?
According to the editors of the portal Tom’s Guide, a new vulnerability has been called StrandHogg. And it includes a number of multitasking processes, which help you to access the root data of the Android operating system and there all encrypted records. Moreover, the assurances of the same Tom’s Guide, Google knows about StrandHogg at least three months, but correcting holes in the system security has not been provided for download to users.
StrandHogg is unique in that it allows to carry out complex attacks without having to install malicious code in the root files of the device — said in a report published earlier by researchers of the Norwegian firm Promon, dealing with issues of cybersecurity. For attacks, the attacker does not need any special permission on the device. The vulnerability also allows the attacker to masquerade as almost any app that will outwardly look very believable. StrandHogg can hear you through the microphone, to steal the photo from the Gallery, to read and send SMS messages and make a recording of telephone conversations, intercept outgoing and incoming traffic, to have access to all the personal files on the device as well as location and GPS information. Plus it remains unprotected contact list and a log of completed calls.
As you know, to steal StrandHogg can almost everything. In particular, many victims complained that they have started to lose money from Bank accounts. This is a temporary solution. You can smell a rat if the application to which you have already entered, such as Facebook or Google, will prompt again for login credentials, or if the application that you already use start to request a lot of permissions.
Also read: 5 best antivirus for Android
In this case you should scan the system with antivirus with the latest database. However, what to do with the new downloaded applications is not clear because they asked permission and enter a username and password anyway. Experts Promon has also published a video showing how StrandHogg can steal user credentials on the smartphone Samsung Galaxy S10 running Android 10.
The authors Tom’s Guide, as well as experts from Promon turned to Google to explain the situation or at least provide a time frame in which users should expect the update, but the answer is that, alas, was not followed. We will keep you informed of developments.