October 1, 2022

Promon: hackers use Android vulnerability to access cryptocurrency wallets

Researchers at Promon, an IT security company, have discovered a vulnerability which allows hackers to access personal data on any Android phone.

Promon reported the discovery of a dangerous vulnerability called StrandHogg, which affected all versions of Android. The 500 most popular apps are now at risk. Promon CTO Tom Hansen noted:

“We have real evidence that attackers use StrandHogg to steal confidential information. The potential impact of this vulnerability can be unprecedented in terms of the scale and extent of the damage - most applications are vulnerable by default and affect all versions of Android.”

StrandHogg mimics any application on an infected device. The vulnerability then allows malicious applications to gain access to user credentials by displaying a fake version of the login screen.

“When the victim enters his credentials to enter the interface, this data is immediately sent to the attacker, who can then enter the system and manage the applications,” the report says.

In addition to stealing personal information, such as the data used to log in to a cryptocurrency wallet, StrandHogg can also listen to the user through the microphone, read and send text messages, and gain access to all personal photos and files on the device.

Promon researchers reported the discovered vulnerability to Google last summer. Although Google removed the vulnerable applications, it seems that this vulnerability has not been fixed for any version of Android.

Recall that in June, the antivirus company Trend Micro discovered a cryptocurrency-mining botnet that uses Android Debug Bridge ports, which are intended for debugging applications.

In the same month, specialists from ESET discovered a vulnerability in the Android operating system that allowed malicious programs to gain access to users' two-factor authentication codes.