Android: New StrandHogg vulnerability is being exploited in the wild

944

Security researchers from Promon, a Norwegian firm specialized in in-app security protections, said they identified a bug in the Android operating system that lets malicious apps hijack legitimate app, and perform malicious operations on their behalf.

In a comprehensive report published today, the research team said the vulnerability can be used to trick users into granting intrusive permissions to malicious apps when they tap and interact with legitimate ones. The vulnerability — which Promon named StrandHogg — can also be used to show fake login (phishing) pages when taping on a legitimate application.

[Source: ZDNet]