Promon security researchers have uncovered a vulnerability that could allow cybercriminals to access private data on any Android phone.

500 most popular apps are at risk

On Dec. 2, the Norwegian app security firm Promon revealed the discovery of a dangerous Android vulnerability called StrandHogg, which has reportedly infected all versions of Android and has put the top 500 most popular apps at risk. Promon CTO Tom Lysemose Hansen commented:

“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”

How does StrandHogg work?

StrandHogg poses as any other app on the infected device and tricks users into believing that they are using a legitimate app. The vulnerability then allows malicious apps to phish users' credentials by displaying a malicious and fake version of a login screen. The report reads:

“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”

Aside from stealing personal information like crypto wallet login credentials, StrandHogg can also reportedly listen to the user through their microphone, read and send text messages, and access all private photos and files on the device, among other nefarious exploits.

The Promon researchers further pointed out that they have disclosed their findings to Google last Summer. However, while Google did remove the affected apps, it does not appear as if the vulnerability has been fixed for any version of Android.

Criminals use YouTube to install cryptojacking malware

In November, the Slovakian software security firm Eset uncovered that cyber criminals behind the Stantinko botnet have been distributing a Monero (XMR) cryptocurrency mining module via Youtube. The major antivirus software supplier reported that the Stantinko botnet operators had expanded their criminal reach from click fraud, ad injection, social network fraud and password stealing attacks, into installing crypto mining malware on victims' devices using Youtube.