Security News > 2020 > May > StrandHogg 2.0 Vulnerability Allows Hackers to Hijack Android Devices
Researchers at Norwegian app security company Promon on Tuesday disclosed the existence of a serious Android vulnerability that allows a piece of malware to hijack nearly any application installed on the victim's device.
In December 2019, Promon warned that an Android vulnerability, which it dubbed StrandHogg, was being exploited by tens of malicious Android apps to escalate privileges.
Just like the original vulnerability, StrandHogg 2.0 can be exploited to hijack apps, but the company warns that "It allows for broader attacks and is much more difficult to detect."
Promon says StrandHogg 2.0 does not affect Android 10, but the company notes that roughly 90 percent of Android devices currently run older versions of the mobile operating system.
The security firm says it's not aware of any malware exploiting the new vulnerability, but it expects hackers to leverage StrandHogg and StrandHogg 2.0 together "Because both vulnerabilities are uniquely positioned to attack devices in different ways, and doing so would ensure that the target area is as broad as possible."
News URL
Related news
- Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials (source)
- Hackers target critical zero-day vulnerability in PTZ cameras (source)
- Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System (source)
- Google patches actively exploited Android vulnerability (CVE-2024-43093) (source)
- Week in review: Zero-click flaw in Synology NAS devices, Google fixes exploited Android vulnerability (source)