Crooks are exploiting unpatched Android flaw to drain users’ bank accounts
Hackers are taking advantage of StrandHogg, a recently publicized Android vulnerability, to steal banking credentials and empty accounts. European security company Wultra warns that several banks in the Czech Republic have reported money disappearing from customer accounts. All versions of Android are affected by the vulnerability, as well as all 500 of the most popular Android apps.
StrandHogg allows attackers to show fake login screens and ask for permissions that ultimately allow them to read and send SMS messages, phish login credentials, access photos and locations, record phone conversations, and listen to the user through microphone access. The impact of this could be massive, and the amount of damage caused has the potential to be unprecedented. Mobile Security company Lookout has identified 36 malicious apps that are exploiting the StrandHogg vulnerability. Users should be wary of an app that they have already logged into prompting a login again, permission pop-ups without an app name, and buttons and links that do nothing when clicked on. Another major red flag of the StrandHogg exploit is typos and mistakes in the user interface.