Don’t fall for this trap hackers are using to steal Android user credentials

December 5, 2019

By Kim Komando

It’s tough to be an Android user sometimes. Not only is this advanced operating system struggling in the war against cybercrime, its own app store is regularly compromised by apps that harm, spy on or downright steal from users.

Why is Android such a target for cybercriminals? Well, there’s more variety to Android phones and they make up well over 80% of smartphones in the world today. Just like how Windows PCs are more popular targets than Macs, Android’s wide user base is seen as a prime hacking opportunity.

A new security flaw has been discovered in Android devices that makes it even easier to steal your data. By taking advantage of it, hackers can set up fake login screens to trick users and steal their info. What’s worse, they’ve apparently been doing it for a while now. Here’s what to look for.

Squashing a serious bug

According to new reports from TechRadar, researchers at Norwegian cybersecurity firm Promon have discovered a critical flaw in Android’s app multitasking system. When the flaw is exploited, hackers can inject fake login pages for social media platforms, banks and email services to steal data and passwords from users.

This flaw has apparently already been taken advantage of several times in the past by hackers who attack their targets using malicious apps that “infect” others on the user’s phone with fake login screens.

The flaw, dubbed “StrandHogg,” affects all versions of Android, including the newest release — Android 10. When a malicious app containing the StrandHogg payload is installed, nearly every other app the phone’s owner uses or downloads is at risk of corruption.

The same malicious apps that deliver StrandHogg can also trick users into approving permissions that would allow hackers to effectively spy on users.

Researchers quietly pointed out several of the malicious apps to Google, and like clockwork, Google removed them from the store before anyone had a chance to see what they were.

How can I stay safe from this security flaw?

Because we no longer have access to the apps that exploited the flaw, there’s no way of really knowing if your phone was infected or not. That said, removing unusual or unfamiliar third-party apps is a solid start to cleaning your phone, and can potentially remove other malware that may be hiding from you.

It’s also worth mentioning you should never simply log into any account when exposed to a pop-up demanding you do so. Most of the time, it’s just malware in disguise.

The researchers at Promon emphasize the flaw still exists, and that Android users should exercise caution any time they download an unfamiliar app. To stay safe, avoid downloading apps that aren’t developed by familiar companies or groups.

Additionally, never use a third-party app store under any circumstances. These platforms are breeding grounds for the worst kind of malware, and considering how much precious data is found on the average phone, it’s just not worth the risk.

https://www.komando.com/tips/android/android-hackers-steal-credentials/