Attackers are then able to create fraudulent financial transactions. “A common tactic for banking trojans is to trick users into disclosing their banking credentials to the attacker by displaying a fake login screen over legitimate mobile banking apps. Some of those attacks rely on the target device being rooted, but the StrandHogg vulnerability does not.

An attacker who is able to exploit the vulnerability would have broad permissions on the target device, including the ability to read and send texts, take photos, turn on the microphone, harvest user credentials, and more.

Screen overlay attacks are quite common on mobile devices, especially in regions where mobile devices are the dominant method people use to access their bank accounts. In the attacks that researchers have identified thus far, attackers are using banking trojans to produce overlay screens that look exactly like legitimate banking apps and harvest users’ credentials. The vulnerability has been named StrandHogg and it affects all of the current versions of Android, including Android 10.

A quirk in the way that Android handles multitasking on mobile devices has created a vulnerability that researchers say is being used by attackers to impersonate legitimate apps and steal user information, and in some cases money from bank accounts.