Promon security researchers have found a vulnerability that allows cybercriminals to access personal data on all Android phones.

500 most popular apps are at risk
On December 2, Norwegian app security company Promon discovered a dangerous Android vulnerability called StrandHogg, which affects all versions of Android and puts the top 500 apps at risk. Promon CTO Tom Lysemose Hansen commented:

“We have solid evidence that an attacker is using StrandHogg to steal confidential information. Since most apps are vulnerable by default and all Android versions are affected, the potential impact of this may be unprecedented in size and damage.”

How does StrandHogg work?
StrandHogg lets a malicious app on an infected device impersonate other apps, tricking users into believing that they are using the legitimate app. The malicious app can then display a fake version of the legitimate app's login screen to phish the user’s credentials. The report reads as follows:

“If the victim enters login credentials within this interface, sensitive details are immediately sent to the attacker, who can then log in and control the security-sensitive app.”

In addition to stealing personal information such as crypto wallet login credentials, StrandHogg can also be used to listen to the user through the microphone, read and send text messages, and access all personal photos and files on the device. Promon researchers also pointed out that they disclosed their findings to Google last summer. However, although Google has removed the affected app, it does not appear to have fixed the vulnerability in other versions of Android.

Criminals using YouTube to install cryptojacking malware
In November, Slovak software security company ESET found that the cybercriminals behind the Stantinko botnet had deployed a Monero (XMR) cryptocurrency mining module via YouTube. Major antivirus software vendors have reported that the Stantinko botnet operators have expanded their criminal activity by using YouTube to install crypto-mining malware on victims’ devices, in addition to click fraud, ad insertion, social network fraud and password theft attacks.