
Topic: [StrandHogg] Android user vulnerability (Read 240 times)

legendary
Activity: 3234
Merit: 5637
December 10, 2019, 09:16:30 AM
#13
Quote
My other point is that the criminals and hackers are actually getting smarter by the day, from developing phishing sites and apps; now they have developed a vulnerability that can mimic legitimate apps to steal our money.

That is why it is important that we who use cryptocurrency try to be at least one step ahead of them. In order to do this, we need to be aware of certain things, which is that security does not come by itself. Using smartphones is something positive; it certainly makes our lives easier to some extent, but phones that are too old do not receive security patches and are additionally exposed to attacks.

Add to that the fact that most do not use any protection (AV/antimalware) on their smartphones and we have a huge database of potentially vulnerable users. I suspect that Android will increasingly be targeted by hackers, and would therefore recommend that anyone who does not have an adequate level of protection avoid any banking/crypto apps.
hero member
Activity: 1680
Merit: 655
December 09, 2019, 04:11:06 PM
#12
Quote
About a month or so ago I was reading news about this xHelper app that was also available in the Play Store, where the users who have downloaded it have virtually no solutions for completely removing the app; even factory resetting your phone won't completely wipe it out....

Quote
I posted about that in this thread, but what OP posted is something completely different and much more dangerous than xHelper malware. As you say, it is only showing ads even on your home screen, and it also redirects you to some bad sites in a browser, but StrandHogg is actually imitating real applications (mostly for internet banking) and in that way steals user data.

Yeah I know, I was only giving examples for maxreish and for other members that criminals are literally everywhere and are covering a lot of platforms which we think are safe. My other point is that the criminals and hackers are actually getting smarter by the day, from developing phishing sites and apps; now they have developed a vulnerability that can mimic legitimate apps to steal our money. This isn't really a time to be careless now and let the majority of our holdings out in the open where scammers can potentially hijack it.
legendary
Activity: 3234
Merit: 5637
December 06, 2019, 06:47:03 AM
#11
Quote
About a month or so ago I was reading news about this xHelper app that was also available in the Play Store, where the users who have downloaded it have virtually no solutions for completely removing the app; even factory resetting your phone won't completely wipe it out....

I posted about that in this thread, but what OP posted is something completely different and much more dangerous than xHelper malware. As you say, it is only showing ads even on your home screen, and it also redirects you to some bad sites in a browser, but StrandHogg is actually imitating real applications (mostly for internet banking) and in that way steals user data.

Quote
It was only discovered a couple of days ago, so an Android update should patch it soon. Keep your system up to date!

I received a patch last night on my Huawei marked as important/critical; not sure if it has anything to do with a specific threat, but I'm glad they respond quickly to any threat.
hero member
Activity: 2520
Merit: 952
December 05, 2019, 09:11:10 PM
#10
It was only discovered a couple of days ago, so an Android update should patch it soon. Keep your system up to date!

Also, be very careful with the permissions you give to apps. If any app asks you for device administrator/credential storage permission, it's likely to be shady.
hero member
Activity: 1680
Merit: 655
December 05, 2019, 01:32:18 PM
#9
About a month or so ago I was reading news about this xHelper app that was also available in the Play Store, where the users who have downloaded it have virtually no solutions for completely removing the app; even factory resetting your phone won't completely wipe it out, and this app's only activity is to pop ads in your phone. The sad thing about this is that Google didn't answer with any kind of solution for the users who got victimized by this app downloaded to their Play Store. So that leads me to the point that I think Google needs to step up its game when it comes to screening the apps being put into the Play Store, since literally any developer can upload a file there. They should really test the apps first, before they even make them available, to see if they are clean and safe for the users to download.
copper member
Activity: 2940
Merit: 1280
December 05, 2019, 10:39:50 AM
#8
Quote
Far too many people do this. Installing a bunch of useless mobile apps or browser extensions, and then granting them any permissions they ask for.

Right now, I rely on my anti-virus software to detect all the possible malicious attacks that can get to my device. IIRC, it also shows a notification if a certain program asks for permission. The thing I'm worried about is when it asks to have the file changing (permission?) towards the PC. That could easily be a red flag.

Quote
This behavior is also a huge privacy risk. Everyone should go through their phones, uninstall every useless or pointless app, and revoke all unnecessary permissions from the ones they are keeping.

This could help the user to be more organized, too, if you check all the applications that are less of your worries. Depending on the phone, look at the least used applications on your phone, then act accordingly and remove them. Storage and memory savings. You better have control over your private information.

It's best to be prepared whenever you have sensitive data like backups of your files, phones, pictures, etc. You won't regret backing up everything.
legendary
Activity: 2268
Merit: 18748
December 05, 2019, 08:06:15 AM
#7
Quote
Google is for sure doing a bad job, but most people blindly trust that service, and that is a big problem.

Better to aim to educate rather than just leave people at the hands of Google.

Quote
This could be an eye-opener to some who install different applications and accept the permissions on their service without even checking what authority they are asking for.

Far too many people do this. Installing a bunch of useless mobile apps or browser extensions, and then granting them any permissions they ask for. There have been posts in here over the last few months from people who had had their seed stolen because they installed a third party keyboard app which was logging and transmitting everything which was typed on it, and another who was infected by a background they installed which asked for access to storage and internet, and they approved it without thinking.

This behavior is also a huge privacy risk. Everyone should go through their phones, uninstall every useless or pointless app, and revoke all unnecessary permissions from the ones they are keeping.
copper member
Activity: 2940
Merit: 1280
December 05, 2019, 07:23:11 AM
#6
This could be an eye-opener to some who install different applications and accept the permissions on their service without even checking what authority they are asking for. A lot of people, mostly Android users, use cracked apps and permit it with different kinds of permissions and changes they can do with their phones.

It's not only just credentials that we need to work on but also the security of our device itself. Maybe that could be worked out when you study securing your information and becoming somewhat paranoid.
legendary
Activity: 3234
Merit: 5637
December 05, 2019, 05:58:37 AM
#5
Quote
This is poor advice to rely on to keep yourself and your device safe.

It works for me, and in any case, it's better than simply downloading something without ever checking it. Even if I make the mistake and try to download a bad application, the next line of defense is antivirus software which stops installing such an application. Google is for sure doing a bad job, but most people blindly trust that service, and that is a big problem. However, in the end, I do not hold any critical and sensitive information on my smartphone; despite all the security measures, the risk is simply too great.

I doubt the average user will ever download anything from GitHub, most have no idea that there is such a thing.
legendary
Activity: 2268
Merit: 18748
December 04, 2019, 10:18:20 AM
#4
Quote
always check if there is any review of the app and never download from anywhere other than Google Play.

This is poor advice to rely on to keep yourself and your device safe.

There are many fraudulent apps out there which either pay for good reviews or have their own network of fake accounts which can spam good reviews, particularly on the Google Play Store. Similarly, sticking only to the Google Play Store will not keep you protected from malware, as they seem to do a particularly poor job of screening apps which are uploaded for malware and removing apps which are known to be malware. There are also many fake apps which are specifically designed to look like the real thing and fool users into downloading them on the Google Play Store, again which seem to be up for weeks or even months before they are finally removed by Google. I don't trust Google with the most basic of personal information - I certainly don't trust them to keep my device safe from malware.

I'd much rather install an app directly from an open source GitHub or straight from the developer's own website, such as Electrum.
legendary
Activity: 3234
Merit: 5637
December 04, 2019, 10:09:43 AM
#3
Quote
Absolutely basic security practices such as paying attention to what you are downloading and only giving the minimum required permissions to apps which you are sure you can trust will protect you completely from this.

This is true, always check if there is any review of the app and never download from anywhere other than Google Play. But sometimes this will not be enough to avoid infection, and mobile phone users should apply the same security practices as on desktop devices. This means that an antivirus program is something that can help in most cases, but most users avoid using AV because it slows their phones. But if you have a modern smartphone with at least 4GB or more RAM, and a good CPU (in my case 6GB RAM+KIRIN 980 CPU), you will not even feel any system load.

Android is also full of security holes (the same as Windows), and we should install security patches whenever they are available. Without all that, you're actually a weak moving target that will be hit sooner or later.
legendary
Activity: 2268
Merit: 18748
December 04, 2019, 03:50:41 AM
#2
This has been blown way out of proportion. Here are the most important parts of the article:

Quote
StrandHogg poses as any other app
Quote
The vulnerability then allows malicious apps

In other words, you are only vulnerable to this if you download a malicious app and approve its request for various permissions, in the same way that you are vulnerable to any and every piece of malware in the world if you willingly download it and give it full access to your system or device. Absolutely basic security practices such as paying attention to what you are downloading and only giving the minimum required permissions to apps which you are sure you can trust will protect you completely from this.

There's also quite a lot of evidence out there that the company which revealed this "bug" - Promon - have done so as a marketing campaign for their own security products. There is no CVE entry despite them "reporting it to Google", and the "malicious app" they tested was downloaded from an untrusted third party site (not the Google Play Store). See below:
https://twitter.com/fs0c131y/status/1201761350231482368
https://twitter.com/MalwareJake/status/1201768837533904896
sr. member
Activity: 1330
Merit: 326
December 03, 2019, 11:15:52 PM
#1
I wish most people would know this and also be alarmed about this, especially Android phone users.
They can get or access our confidential information and especially our crypto wallet.

Quote
“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”

This is how it works.
Quote
“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps.”

Reference:
Code:
https://cointelegraph.com/news/report-android-vulnerability-allows-hackers-to-steal-crypto-wallet-info?fbclid=IwAR3MJ0AkJQK3aR8MnEY8IZPz3aOoMOOgEcrPbnvg_ULD1zfDR8fXUaBlX24