Skip to main content

Android Security Flaw Exposes Users to Phishing Attacks

N

Nyakundi Report

Newsroom 1 min read

This archive report was first published on 16 July 2020.

Published on July 16, 2020, a new security flaw in Android smartphones has raised alarm bells for users worldwide. Researchers from Promon discovered the bug, dubbed StrandHogg 2.0, which enables attackers to overlay a malicious version of any app over the real app, capturing all logins.

According to Promon, the attackers can impersonate multiple apps in one attack, giving them several opportunities to steal users' passwords. Security experts at Sophos explained that the attack is difficult to spot and can steal sensitive information such as GPS data, images, logins, SMS messages, and emails.

The flaw affected anyone running Android versions 9.0 or earlier. However, Google has since released a patch update, protecting Android users from the vulnerability. Boris Cipot, a senior security engineer at Synopsys, praised Google's quick response, stating that the company has implemented a system to screen applications for unwanted behavior and block apps attempting to exploit the vulnerability.

‘It’s worth noting that Strandhogg 2.0 is dangerous for two reasons: the way in which it ends up on your mobile device and the way in which it harvests rights and access data,’ Cipot said. He emphasized the importance of users being cautious when choosing apps to install and doing research on the app developers before downloading.

Be the first to react

Support

Support this reporting

M-Pesa support recorded against this story.

Send support →

Stay close

Get the briefing

Major updates by email. No spam.

Get email brief →

Share

Save share card

Download a clean portrait card for sharing.

Save image →