A bug has been identified in the Android operating system that allows malicious apps to hijack legitimate apps and perform malicious operations.
According to a survey of the Play Store, more than 60 financial institutions are being targeted.
The bug was found by Promon, a Norwegian app security company. To harvest data, attackers exploiting the bug insert fake login screens into legitimate apps. Users are tricked into clicking on an overlay created by the attackers while believing they are using a legitimate app.
The issue came to light when an Eastern European security company informed Promon that money was disappearing from customer accounts at several banks in the Czech Republic.
A sample was provided to Promon so it could be analyzed for flaws. The StrandHogg security flaw was discovered during analysis of that sample.
To confirm the vulnerability, Promon partnered with Lookout, a US-based mobile security firm, and discovered 36 apps that were exploiting it.
Promon also said that these apps are installed as second-stage payloads and are not available directly through the official Play Store.
Later, in a statement, Google said: "We appreciate the researchers' work and have suspended the potentially harmful apps they identified."
Google will continue to work against any such issue to protect its users.