StrandHogg 2.0 Emerges as ‘Evil Twin’ to Android Threat

This one affects older versions of Android. Unfortunately, many devices either can’t be or just aren’t upgraded or even patched. Version 9 is the most widely used and is vulnerable. Patch if you can:

[…] Like its “relatively less evil twin,” StrandHogg 2.0 is “extremely dangerous” because it does not need root access or Android permissions to run, Høegh-Omdal wrote. It can hijack permissions of other apps with access to contacts or messages. Unlike its predecessor, which can only attack one app at a time, StrandHogg 2.0 can simultaneously attack multiple apps.

Høegh-Omdal anticipates malware exploiting StrandHogg 2.0 will be harder for antivirus and security scanners to detect. No external configuration is required to execute StrandHogg 2.0, giving attackers a chance to further obfuscate their operations. As he points out, code that comes from Google Play won’t initially seem malicious to developers or security teams.

“Promon predicts that attackers will look to utilise both StrandHogg and StrandHogg 2.0 together because both vulnerabilities are uniquely positioned to attack devices in different ways, and doing so would ensure that the target area is as broad as possible,” he wrote. Many mitigations that protect against StrandHogg don’t work for StrandHogg 2.0, and vice versa.

StrandHogg 2.0 (CVE-2020-0096) has been classified as Critical by Google, which released a patch to Android ecosystem partners last month. A security fix for Android versions 8.0, 8.1, and 9.0 will be rolled out to the general public this month, Promon wrote in a blog post.

[…]

Original article here