Android users across the world are being infected by a new malware strand called ‘StrandHogg‘ under the cover of legitimate-looking applications. It asks for permissions and then begins performing nuisance activities such as reading messages, capturing photos or generating fake logins for popular apps.
How does this work?
Research by Norway-based computer security firm Promon indicates that StrandHogg affects all versions of Android, even fully updated devices. It does not require root access.
However, Promon adds that:
“The specific malware sample which Promon analysed did not reside on Google Play but was installed through several dropper apps/hostile downloaders distributed on Google Play. These apps have now been removed, but in spite of Google’s Play Protect security suite, dropper apps continue to be published and frequently slip under the radar…”
How can fake apps be identified?
If something about the app you are using seems anomalous, it’s best to be skeptical. Be absolutely certain about the legitimacy of login forms and do not give any app extra permissions if it suddenly asks for them.
Some identification tips shared by Promon are as follows:
- An app which you are already logged-in asks for login again
- Permission pop-ups without app’s name
- Odd permissions such as a calculator app asking for GPS access
- Visible defects (typos/mistakes) in the user interface
- Empty/dummy buttons on the interface
- Back (return) button does not work
Once such ‘dropper’ apps secure access to your device, it is easy for them to appear legitimate.
Getting rid of StrandHogg
You can factory-reset your device or delete suspicious apps.
Alternatively, you can download Lookout’s Security & Antivirus app.
This does not, however, guarantee that all StrandHogg-related dropper apps will be identified.