How To Tell If An Android App Is 'StrandHogg' Malware In Disguise

22:51  03 december  2019 Source:   lifehacker.com.au


Photo: Shutterstock. © Provided by Lifehacker Australia

‘StrandHogg’ sounds like something out of Quake II, but it’s actually the name of a new Android vulnerability that allows malware apps to masquerade as legitimate apps, ask for permissions, and then perform all kinds of actions you probably wouldn’t want. For example, one of these apps could read and scan your messages, take photos using your camera, or even phish your logins by giving you bogus sign-in screens instead of the real deal.


How do crappy apps take advantage of StrandHogg?

According to the security firm Promon, StrandHogg affects all Android versions, even a fully updated Android device (as of when we wrote this article), and doesn’t require root access to work.

Promon partner Lookout initially found 36 offending apps one could install that then loaded additional apps onto a user’s device, and these secondary apps exploited the StrandHogg vulnerability. It’s unclear whether these “dropper” apps were found directly on the Google Play Store or not—Lookout representatives later told Ars Technica that none of these 36 apps were on Google’s store—but that doesn’t mean that others won’t pop up and attempt to do the same thing via official or unofficial means. As Promon describes:


“The specific malware sample which Promon analysed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play. These apps have now been removed, but in spite of Google’s Play Protect security suite, dropper apps continue to be published and frequently slip under the radar, with some being downloaded millions of times before being spotted and deleted.

Demonstrative of the scale of Google Play’s issue with dropper apps, researchers recently reported that the malicious CamScanner app, a PDF creator which contains a malicious module, has been downloaded more than 100 million times.”

How can I tell if an app is trying to scam me using StrandHogg?

As much as I hate to say it, common sense is your best guide. If something feels strange with an app you’re using, even if that app is one that you know is legitimate, you should be sceptical. Maybe don’t input your login and password (or payment information) if asked—and don’t give an app extra permissions if it asks for them out of the blue.


Promon’s other tips for telling if an app is exploiting StrandHogg include:

  • An app or service that you’re already logged into is asking for a login.

  • Permission popups that do not contain an app name.

  • Permissions asked from an app that shouldn’t require or need the permissions it asks for. For example, a calculator app asking for GPS permission.

  • Typos and mistakes in the user interface.

  • Buttons and links in the user interface that do nothing when clicked on.

  • Back button does not work as expected.

As always, you can keep yourself safer—not fully protected, but safer—by sticking to recommended apps on the Google Play Store. If an app seems suspicious in name, description, or awkwardness of reviews, do a little extra research to vet it before you slap it on your device. And resist the urge to sideload apps outside of the Google Play Store; you never know what you’re installing on your device, and you lose any potential protections Google can provide. And once a “dropper” app gets on your device, installing something that can then masquerade as a real app is all too easy.

How do I get rid of StrandHogg-exploiting apps?

If you think you’re stuck with an app that’s exploiting StrandHogg, you can always factory-reset your device. Set it up as a brand-new device, rather than restoring from a backup, and you’ll be back to square one.

Otherwise, you’ll have to figure out which app on your device is sketchy. I think the easiest way to do this is to just start from scratch or, at minimum, delete any apps on your device that you’ve previously downloaded. You can also try installing Lookout’s Security & Antivirus app, but there’s no guarantee that it’ll be able to detect every StrandHogg-exploiting app on your device.
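A triage aid for working out which app is sketchy, added here as an example and not code from Lifehacker, Promon or Lookout: it parses the output of `adb shell pm list packages -3 -i` and `adb shell dumpsys package <pkg>` to list third-party apps that were not installed by the Play Store and hold the permissions this article mentions (messages, camera, GPS). The package names and sample output are constructed, and a hit marks an app for review first, not as confirmed StrandHogg malware.

```python
import re

PLAY_STORE = "com.android.vending"
# Runtime permissions matching the abuses the article lists (messages, camera, GPS).
SENSITIVE = {
    "android.permission.READ_SMS",
    "android.permission.CAMERA",
    "android.permission.ACCESS_FINE_LOCATION",
}

def parse_installers(pm_output):
    """Map package -> installer from `pm list packages -3 -i` output."""
    found = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def granted_sensitive(dumpsys_output):
    """Sensitive permissions shown as granted=true in `dumpsys package <pkg>`."""
    granted = set()
    for line in dumpsys_output.splitlines():
        m = re.match(r"\s*(android\.permission\.\w+): granted=true", line)
        if m and m.group(1) in SENSITIVE:
            granted.add(m.group(1))
    return granted

def audit(pm_output, dumpsys_by_pkg):
    """Return (package, installer, permissions) for apps to review first."""
    findings = []
    for pkg, installer in sorted(parse_installers(pm_output).items()):
        perms = granted_sensitive(dumpsys_by_pkg.get(pkg, ""))
        if installer != PLAY_STORE and perms:  # sideloaded or dropped, and privileged
            findings.append((pkg, installer, sorted(perms)))
    return findings

# Constructed sample output (assumption: not captured from a real device).
SAMPLE_PM = """package:com.example.calculator  installer=null
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=com.android.packageinstaller"""
SAMPLE_DUMPSYS = {
    "com.example.calculator": "  android.permission.ACCESS_FINE_LOCATION: granted=true\n  android.permission.CAMERA: granted=false",
    "com.example.notes": "  android.permission.CAMERA: granted=true",
    "com.example.flashlight": "  android.permission.READ_SMS: granted=true, flags=[ USER_SET ]\n  android.permission.CAMERA: granted=true",
}

if __name__ == "__main__":
    for pkg, installer, perms in audit(SAMPLE_PM, SAMPLE_DUMPSYS):
        print(f"review {pkg} (installer={installer}): {', '.join(perms)}")
```
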

