June 18, 2024

Promon: hackers use Android vulnerability to access cryptocurrency wallets

Researchers from Promon, a company specializing in information security, discovered a vulnerabilitywhich allows hackers to access personal data on any Android phone.

Promon reported the discovery of a dangerous vulnerabilitycalled StrandHogg, which affected all versions of Android. Now the 500 most popular applications are under threat. Promon CTO Tom Hansen noted:

“We have real evidence thatattackers use StrandHogg to steal confidential information. The potential impact of this vulnerability can be unprecedented in terms of the scale and extent of the damage - most applications are vulnerable by default and affect all versions of Android. ”

StrandHogg mimics any application oninfected device. The vulnerability then allows malicious applications to gain access to user credentials by displaying a malicious and fake version of the login screen.

“When the victim enters his credentials to enter the interface, this data is immediately sent to the attacker, who can then enter the system and manage the applications,” the report says.

In addition to stealing personal information such as dataTo enter the cryptocurrency wallet, StrandHogg can also listen to the user through a microphone, read and send text messages and gain access to all personal photos and files on the device.

Promon researchers reported a discoveryGoogle’s vulnerabilities last summer. However, although Google removed the vulnerable applications, it seems that this vulnerability has not been fixed for any version of Android.

Recall that in June, the antivirus company Trend Micro discovered a cryptocurrency mining botnet using Android Debug Bridge ports, which are designed to eliminate application defects.

In the same month, specialists from the companyESET has discovered a vulnerability in the Android operating system that allows malware to access users' two-factor authentication codes.