Report: Android Vulnerability Allows Hackers to Steal Crypto Wallet Info

Published at: Dec. 3, 2019

Promon security researchers have uncovered a vulnerability that could allow cybercriminals to access private data on any Android phone.

The 500 most popular apps are at risk

On Dec. 2, the Norwegian app security firm Promon revealed the discovery of a dangerous Android vulnerability called StrandHogg, which reportedly affects all versions of Android and has put the top 500 most popular apps at risk. Promon CTO Tom Lysemose Hansen commented:

“We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected.”

How does StrandHogg work?

A malicious app exploiting StrandHogg can pose as any other app on the infected device, tricking users into believing that they are interacting with a legitimate app. The vulnerability then allows such malicious apps to phish users' credentials by displaying a fake version of a login screen. The report reads:

“When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then log in to, and control, security-sensitive apps.”

Aside from stealing personal information like crypto wallet login credentials, StrandHogg can also reportedly listen to the user through their microphone, read and send text messages, and access all private photos and files on the device, among other nefarious exploits.

The Promon researchers further pointed out that they had disclosed their findings to Google last summer. However, while Google did remove the affected apps, the vulnerability does not appear to have been fixed for any version of Android.

Criminals use YouTube to install cryptojacking malware

In November, the Slovakian software security firm Eset uncovered that the cybercriminals behind the Stantinko botnet had been distributing a Monero (XMR) cryptocurrency mining module via YouTube. The major antivirus software supplier reported that the Stantinko botnet operators had expanded their criminal reach from click fraud, ad injection, social network fraud and password-stealing attacks to installing crypto mining malware on victims' devices using YouTube.
