Highlights and Updates

New Unpatched Strandhogg Android Vulnerability Actively Exploited in the Wild

Tuesday, 3rd December 2019

Cybersecurityresearchers have discovered a new unpatched vulnerability in the Androidoperating system that dozens of malicious mobile apps are already exploiting inthe wild to steal users' banking and other login credentials and spy on theiractivities.

Dubbed Strandhogg, thevulnerability resides in the multitasking feature of Android that can beexploited by a malicious app installed on a device to masquerade as any otherapp on it, including any privileged system app.

In other words, when a user taps the icon of alegitimate app, the malware exploiting the Strandhogg vulnerability canintercept and hijack this task to display a fake interface to the user insteadof launching the legitimate application. 
Read More