STRANDHOGG BUG

■ StrandHogg (Cyber security):
Recently, the Ministry of Home Affairs has sent an alert to all States warning them about the vulnerability in the Android operating system that allows malware applications to pose as legitimate apps and access user data of all kinds. Promon, a Norwegian firm specialising in In-App protection, found proof of this dangerous Android vulnerability, which they call 'StrandHogg'.
■ BUG: A bug is a general term used to describe any unexpected problem with hardware or software.
● A "bug" is an error or defect in software or hardware that causes a program to malfunction.
● The StrandHogg vulnerability allows sophisticated malware attacks without the need for the Android device to be rooted.
● Attackers exploit Android's control setting called 'taskAffinity', which enables any app to freely assume any identity in Android's multitasking system.
■ HOW STRANDHOGG WORKS: A malicious app installed on an Android smartphone can exploit the StrandHogg bug to trigger malicious code when the user starts another app, via a feature called "task reparenting."
● Basically, a user taps on a legitimate app, but executes code from a malicious one. Tapping a legitimate app's icon triggers code executed by the malicious app, code which can ask for intrusive permissions or show phishing pages.
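
An added example, not part of the original post or of Promon's research: a static check, run off the device, that lists activities in a decoded AndroidManifest.xml whose taskAffinity names a package other than the app's own, and notes whether task reparenting is enabled for them. The manifest below is a constructed sample, the function name is hypothetical, and the check assumes the manifest has already been decoded to plain XML; a hit is a reason to review the app, not proof of malice.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity" android:taskAffinity=""/>
    <activity android:name=".OverlayActivity"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
  </application>
</manifest>"""


def audit_manifest(manifest_xml):
    """List activities whose taskAffinity names a package other than their own."""
    root = ET.fromstring(manifest_xml)
    own_package = root.get("package", "")
    findings = []
    for app in root.iter("application"):
        app_affinity = app.get(ANDROID_NS + "taskAffinity")
        app_reparent = app.get(ANDROID_NS + "allowTaskReparenting", "false")
        for activity in app.iter("activity"):
            # Activity-level values override the <application> defaults.
            affinity = activity.get(ANDROID_NS + "taskAffinity", app_affinity)
            reparent = activity.get(ANDROID_NS + "allowTaskReparenting", app_reparent)
            # Unset or empty affinity, or one under the app's own package, is normal.
            if not affinity or affinity == own_package or affinity.startswith(own_package + "."):
                continue
            findings.append({
                "activity": activity.get(ANDROID_NS + "name"),
                "task_affinity": affinity,
                "allow_task_reparenting": reparent == "true",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print(finding)
```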

■ DROPPER APPS: Dropper apps are those that either have or pretend to have the functionality of popular apps, but they also install additional apps to a device that can be malicious or steal data.
■ WHAT ARE THE SAFE STEPS:
Currently, there is no effective block or even detection method against StrandHogg on the device itself. However, as a user, you should be alert to the following discrepancies in your device:
• An app or service that you're already logged into is asking for a login.
• Permission popups that do not contain an app name.
• Permissions asked for by an app that shouldn't require or need them. For example, a calculator app asking for GPS permission.
• Typos and mistakes in the user interface.
• Buttons and links in the user interface that do nothing when clicked on.
• Back button does not work as expected.
