Govt Of India Warns Against This Android Virus Which Is Stealing Internet Banking User-Id, Password: How To Stay Safe?

Everyday, we get to hear different incidents of online hacking or invasion of privacy. The truth is with the advancement of technology, hackers and their hacking techniques are getting more and more sophisticated.

Just about a couple of days back we informed you about an extremely futile hacking technique called ‘juice jacking‘, which has largely been spoken and warned about by security experts.

In short, every technical device you hold today and are surrounded by, is a potential medium of hackers seeping into personal details of your life and security. All we can do is be more careful and understand the different means in which these devices can exploit us.

Extremely Vulnerable Bug Affecting Android

Cybercriminals have recently found an under investigated vulnerability to breach Android devices. It is called StrandHogg and it can allow these hackers to listen to your conversations, to listen to. 

 Initially reported by Norway-based cybersecurity firm Promon, the ill-effects and extreme vulnerability of this bug towards Android devices have now caught the attention of the cybersecurity wing of Ministry of Home Affairs.

The Threat Analytical Unit of Indian Cyber Crime Coordination Centre, Union Home Ministry has sent an alert to all States warning them about the vulnerability of the Android operating system to a bug called ‘StrandHogg’ that allows real-time malware applications to pose as genuine applications and access user data of all kind.

Promon believes that there is plenty of tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The effect of this bug was first brought to Promon’s notice when several banks in the Czech Republic had reported money disappearing from customer accounts. 

StrandHogg and Why is It Targeting Android?

All the versions of Android, including Android 10 have resulted to be vulnerable to this bug and the user may not even be aware of the  malware applications on already on their device.

These malware can potentially listen to their conversations, access photo album, read and send messages, make calls, record conversations and get login credentials to various accounts.

The main issue here is that the Android OS allows multi-tasking. This bug enjoyably exploits the Android control settings called taskAffinity and taskReparenting that allow apps, including the malicious ones to freely assume identity of another task in the multitasking system.

This permits the malicious activity to hijack the target’s task, which means the next time the user opens the targeted app, the hijacked task will  open up instead of the original tasks.

What are the Warning Signals?

While this interception takes place, the user would receive pop-ups granting permission to send notifications, messages etc. If the user grants these permissions, the malicious app gains access to these components. This is one of the main entry points for ‘StrandHogg’ to launch the attack.

An app in which the user is already logged in asking him/her to login again is another anomaly pointing to the possibilities of a cyberattack, so be very careful and attentive about it. It can activate the microphone, allowing a hacker in a remote location to listen to live conversations. The camera can also be switched on to capture visuals.

Links and buttons that become non-functional, apps asking for permissions that are not required are among the other warning signs. The Ministry also sent a detailed list of the modus operandi of the hackers and latest trends in cyberattacks for appropriate action of the States.

Promon found that the malicious apps exploiting the vulnerability did not come directly through Google Play Store. They were installed through ‘dropper apps’ distributed on Google Play. These dropper apps either have or pretend to have the functionality of popular apps so it can bypass Google Play Protect. 

The information was shared by the Threat Analytical Unit, Indian Cyber Crime Coordination Centre, Ministry of Home Affairs. It revealed that at least 500 popular apps are at risk because of this malware that hackers can deploy to attack mobile phone users.