Connect with us

Security

New Android bug targets banking apps on Google Play store

Published

on

Labeled “StrandHogg,” the vulnerability discovered by the mobile security vendor Promon could give hackers access to users’ photos, contacts, phone logs, and more.

Android apps in Google’s Play Store have frequently been the target of malware designed to infect mobile devices and steal personal information from users. 

Google is then put in the position of playing clean up to remove the malicious apps and then repeating the process the next time such fraudulent apps appear. 

The latest malware vulnerability is one that affects all Android devices by targeting banking apps in an attempt to compromise user data and gain access to financial accounts.

Powerful trends are pushing the global community to develop more smart cities and invest in connected technologies, as the world population increases and more people move to urban environments. This ebook looks at smart city growth from several angles…eBooks provided by TechRepublic Premium

Discovered by Promon, the vulnerability dubbed StrandHogg allows malicious apps to pose as legitimate ones, giving hackers access to private SMS messages and photos, steal login credentials, track the movements of users, record phone conversations, and spy on people through the phone’s camera and microphone, according to a Promon press release posted on Monday.

Security researchers at Promon analyzing real malware that exploited this vulnerability discovered that all of the top 500 most popular apps had been at risk, affecting all versions of Android, including Android 10. As ranked by the app intelligence company 42 Matters, the list of 100 includes mostly popular and general apps across all types of categories

Specifically, Promon’s partner and security firm, Lookout, confirmed 36 malicious apps that exploited the flaw. Among them were variants of the BankBot banking trojan, which has been seen as early as 2017 and is one of the most widespread banking trojans around.

In response to Promon’s findings, Google has since removed the identified malicious apps from its Play store, according to a statement sent to BBC News and TechRepublic.

“We appreciate the researchers work, and have suspended the potentially harmful apps they identified,” Google said in its statement. “Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we’re continuing to investigate in order to improve Google Play Protect’s ability to protect users against similar issues.” 

In an overview page, Promon provided details on the StrandHogg vulnerability, explaining its impact and the different ways that hackers can exploit it.

As Promon describes it, StrandHogg allows a malicious app masquerading as a legitimate one to ask for certain permissions, including access to SMS messages, photos, GPS, and the microphone.

Unsuspecting users approve the requests, thinking they’re granting permission to a legitimate app and not one that’s fraudulent and malicious. When the user enters the login credentials within the app, that information is immediately sent to the attacker, who can then sign in and control sensitive apps.

The vulnerability itself lies in the multitasking system of Android, Promon’s marketing and communication director, Lars Lunde Birkeland, said. The exploit is based on an Android control setting called “taskAffinity,” which allows any app, including malicious ones, to freely assume any identity in the multitasking system, Birkeland said.

A specific malware sample analyzed by Promon was not on Google Play but was instead installed through dropper apps and hostile downloaders available on Google’s mobile app store, according to Promon. Such apps either have or pretend to have the features of games, utilities, and other popular apps but actually install additional apps that can deploy malware or steal user data.

“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information,” Promon’s chief technology officer, Tom Lysemose Hansen, said in a statement on the overview page. “The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”

Though Google removed the 36 exploited apps, Birkeland said that to the best of Promon’s knowledge, the vulnerability itself has not been fixed in any version of Android, including Android 10. Google also tries to safeguard its app store through its Google Play Protect security suite, but dropper apps continue to appear on the store. Often slipping under the radar, these apps can be downloaded millions of times before they’re caught and removed.

“Google Play is usually considered a safe haven for downloading software,” Birkeland said. “Unfortunately, nothing is 100% safe, and from time to time malware distributors manage to sneak their apps into Google Play.”

Sam Bakken, a senior product marketing manager with the anti-fraud company OneSpan, also weighed in on the threat posed by such vulnerabilities as StrandHogg.

“As you might imagine, criminals salivate over the monetization potential in stolen mobile banking credentials and access to one-time-passwords sent via SMS,” Bakken said in a statement. 

“Promon’s recent findings make the vulnerability as severe as it’s ever been. Consumers and app developers alike were exposed to various types of fraud as a result for four year,” he continued. “In addition, now, at least 36 examples of malware attacking the vulnerability as far back as 2017 have been identified—some being variants of the notorious Bankbot Trojan. This goes to show you that attackers are aware of the vulnerability and actively exploiting it to steal banking credentials and money.”

Source:
https://www.techrepublic.com/article/new-android-bug-targets-banking-apps-on-google-play-store/

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Security

Firm introduces new cyberthreat detection service

Published

on

By

Sophos, a global leader in network and endpoint security, has announced the availability of a fully managed threat hunting, detection and response service, called Sophos Managed Threat Response.

The firm said the re-sellable service would provide organisations with a dedicated 24/7 security team to neutralise the most sophisticated and complex threats.

According to a statement, these threats include active attackers leveraging fileless attacks and administrator tools such as PowerShell to escalate privileges, exfiltrate data and spread laterally.

“Attacks like these are difficult to detect since they involve an active adversary using legitimate tools for nefarious purposes, and Sophos MTR helps eliminate this threat,” it said.

The Chief Technology Officer at Sophos, Joe Levy, said cybercriminals were adapting their methods and increasingly launching hybrid attacks that combined automation with interactive human ingenuity to more effectively evade detection.

He said, “Once they gain a foothold, they’ll employ ‘living off the land’ techniques and other deceptive methods requiring human interaction to discover and disrupt their attacks.

“For the most part, other managed detection and response services simply notify customers of potential threats and then leave it up to them to manage things from there.

“Sophos MTR not only augments internal teams with additional threat intelligence, unparalleled product expertise, and round-the-clock coverage, but also gives customers the option of having a highly trained team of response experts take targeted actions on their behalf to neutralise even the most sophisticated threats.”

Source:
https://punchng.com/firm-introduces-new-cyberthreat-detection-service/

Continue Reading

Security

Google now treats iPhones as physical security keys

Published

on

By

The latest update to Google’s Smart Lock app on iOS means you can now use your iPhone as a physical 2FA security key for logging into Google’s first-party services in Chrome. Once it’s set up, attempting to log in to a Google service on, say, a laptop, will generate a push notification on your nearby iPhone. You’ll then need to unlock your Bluetooth-enabled iPhone and tap a button in Google’s app to authenticate before the login process on your laptop completes. The news was first reported by 9to5Google.

Two-factor authentication is one of the most important steps you can take to secure your online accounts, and provides an additional layer of security beyond a standard username and password. Physical security keys are much more secure than the six digit codes that are in common use today, since these codes can be intercepted almost as easily as passwords themselves. Google already lets you use your Android phone as a physical security key, and now that the functionality is available on iOS it means that anyone with a smartphone now owns a security key without having to buy a dedicated device.

Attempting to log in to a Google service will send a push notification to your phone over Bluetooth.

The new process is similar to the existing Google Prompt functionality, but the key difference is that Smart Lock app works over Bluetooth, rather than connecting via the internet. That means your phone will have to be in relatively close proximity to your laptop for the authentication to work, which provides another layer of security. However, the app itself doesn’t ask for any biometric authentication — if your phone is already unlocked then a nearby attacker could theoretically open the app and authenticate the login attempt.

According to one cryptogopher working at Google, the new functionality makes use of the iPhone processor’s Secure Enclave, which is used to securely store the device’s private keys. The feature was first introduced with the iPhone 5S, and Google’s app says that it requires iOS 10 or later to function.

The new iPhone support appears to be limited to authenticating Google logins from the Chrome browser. When we attempted to use an iPhone to authenticate a login of the same service (we tested with Gmail) using Safari on a MacBook, we were prompted to insert our key fob (which we don’t have), meaning it created an extra step in our login process where we had to pick an alternative 2FA option.

Source:
https://www.theverge.com/2020/1/15/21066768/google-iphone-ios-security-key-2-factor-authentication

Continue Reading

Security

Samsung made a fingerprint-secured portable SSD

Published

on

By

Portable SSDs have become quite popular lately but only a handful of them offer proper security so Samsung is taking matters into its own hands by introducing the T7 Touch with fingerprint reader identification. This way you can rest assured that your sensitive data is safe even if you misplace the actual drive.

Samsung made a fingerprint-secured portable SSD

The T7 Touch succeeds the T5 from last year by offering a capacitive fingerprint scanner and AES 256-bit hardware encryption and password for added security. Moreover, the T7 Touch boasts about 1 GB/s read and 1 GB/s read speeds, which is almost twice as fast as its predecessor.

Connectivity options include USB-C to USB-C and USB-C to USB-A while the connector of the device supports 10Gbps speeds over USB 3.2 (Gen 2).

The T7 Touch comes in three flavors – 500GB for $129, 1TB for $229 and 2TB for $399 with planned availability this month. The available paint jobs of the titanium case are black and silver and the whole thing weighs just 58 grams.

Source:
https://www.gsmarena.com/samsung_made_a_fingerprintsecured_portable_ssd-news-40949.php

Continue Reading
Advertisement

Trending

%d bloggers like this: