"Crooks Are Exploiting Unpatched Android Flaw to Drain Users’ Bank Accounts"
A new Android vulnerability, called StrandHogg, could be exploited by attackers to steal mobile banking credentials and money from bank accounts. The discovery was made by the Norwegian app security company, Promon, after being informed by Wultra, an Eastern European security company, about the disappearance of money in customer bank accounts in Czech Republic. The investigation of StrandHogg revealed that it affects all versions of Android and puts the top 500 most downloaded Android apps at risk. This malware is said to be unique because it can be executed without having to root a device or get special permissions on the device. StrandHogg abuses a flaw in Android's multitasking system to launch attacks that would enable malicious apps to appear legitimate. This article continues to discuss the StrandHogg vulnerability in relation to its discovery and capabilities, as well as what Android users should lookout for.