A cybersecurity researcher team recently found a critical vulnerability affecting multiple Android devices that allow hackers to implant malware into your mobile phone without your knowledge or consent by using a rogue Android app.
Researchers call it “Strandhogg 2.0,” and it affects all Android devices that run on Android 9.0 and earlier versions. All Android users must update their mobile devices to the latest security patch update. Cybercriminals can exploit this vulnerability to steal victim’s credentials, login information, or even allow hackers to access your phone’s camera, microphone, and photos.
What is alarming about this vulnerability is how easy hackers can exploit it with a simple rogue app without needing any prior access or attack from the victim. When the victim clicks on the rogue app, it covers a legitimate app, and when the user enters their login details, they end up giving away their sensitive information to the attackers.
Unfortunately, the researchers mention that there is no 100% perfect solution or way to remediate this vulnerability. However, Android OS has released an update to address this vulnerability in their March 2020 security patch.
