
A serious Android bug could be exploited to steal your banking credentials

01:30, 03 December 2019. Source: techradar.com


Banking apps were hit by cyber-thieves who spoofed login pages to steal account details. The bug lets attackers create fake login screens that can be inserted into legitimate apps to harvest data. Thirty-six apps have been found to have exploited the vulnerability, dating back to 2017.

Researchers at Norwegian security firm Promon have discovered a serious Android vulnerability which can be exploited to steal login credentials, access messages, track location and more.


Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it "leaves most apps vulnerable to attacks".


It works by exploiting a problem in Android's multitasking system, enabling a malicious app to overlay legitimate apps with fake login screens that fool users into handing over security credentials.


Victims can also be tricked into granting the malicious apps additional permissions, which then enable the apps to perform all manner of nefarious activities including intercepting texts and calls, and listening in via a phone's microphone.

Draining the bank

Promon unearthed the security hole while investigating apps that had been found stealing money from bank accounts. In all, it found that 60 financial institutions had been targeted with various apps that exploited the vulnerability.

Chief technology officer at Promon, Tom Hansen told the BBC: "We'd never seen this behavior before. As the operating system gets more complex it's hard to keep track of all its interactions. This looks like the kind of thing that gets lost in that complexity".


Worryingly, it was found that most of the top 500 apps in Google Play were vulnerable to being exploited. Lookout, another security firm working in conjunction with Promon, identified no fewer than 36 malicious apps already actively exploiting the vulnerability. These included variants of the BankBot banking trojan, which has been around since 2017.

Promon published a video about the vulnerability:

OneSpan is a company that specializes in mobile app security, and it recognizes the importance of the discovery. Its senior product marketing manager, Sam Bakken, says: "Promon's recent findings make the vulnerability as severe as it's ever been".

He goes on to say that hackers have clearly been taking advantage of the security hole for quite some time: "Consumers and app developers alike were exposed to various types of fraud as a result for four years. Attackers are aware of the vulnerability and actively exploiting it to steal banking credentials and money".

Google has responded to news of the vulnerability by saying: "We appreciate the researchers' work, and have suspended the potentially harmful apps they identified. Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues".

But Promon warns that it is still currently possible to create fake overlay screens to trick users in all versions of Android.
