Researchers at Norwegian security firm Promon have discovered a serious Android vulnerability which can be exploited to steal login credential, access messages, track location and more.
Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it “leaves most apps vulnerable to attacks”.
The best apps for Android
The best games for Android
The best Android phones of 2019
It works by exploiting a problem in Android’s multitasking system, enabling malicious app to overlay legitimate apps with fake login screens that fool users into handing over security credentials.
Victims can also be tricked into granting the malicious apps additional permissions, which then enable the apps to perform all manner of nefarious activities including intercepting texts and calls, and listening in via a phone’s microphone.