Wultra helped to identify StrandHogg, a banking login-stealing malware that exploits a security weakness found in Google’s Android OS.

Petr Dvořák
Dec 3, 2019 · 2 min read

Over 40 financial institutions were targeted by malware that can steal banking login credentials from Android mobile apps.

Through close cooperation with our technology partner, the Nordic company Promon, we helped to identify a dangerous Android vulnerability (dubbed StrandHogg), which was recently reported by the BBC.

Our security researchers at Wultra identified this malware, which tricks users in a very original way: through an overlay screen created by the attackers. Several infected apps in Wultra’s “Threat Intelligence database” targeted a total of over 60 package names belonging to 40 financial institutions, with the most significant number of occurrences in several countries across Europe (Poland, Spain, Czech Republic and Austria, to name a few).

An infected mobile app, using the StrandHogg vulnerability, hijacks a legitimate app and performs malicious operations on its behalf. The infected apps that we detected were not available through the official Play Store. Instead, we found that users initially installed other malicious apps (“droppers”) via Google Play Store, which then downloaded a second-stage payload app capable of more intrusive attacks by exploiting the StrandHogg vulnerability.

Wultra worked closely with Promon, a Norway-based company specializing in in-app security protection, and provided them with a sample of the malware. Promon then further explored the scope and potential of this malicious hijacking bug in the Android OS and, together with Lookout (a US-based mobile security company), confirmed the vulnerability through the discovery of 36 apps that were exploiting this security flaw.

After its security researchers tested the 500 most popular Android apps on Google Play Store, Promon also confirmed that all apps’ processes can be hijacked to perform malicious actions via a StrandHogg attack.

Wultra Blog

Blog posts by Wultra company

Written by Petr Dvořák

CEO and Founder of Wultra. Speaker. Author of PowerAuth, QR Platba and 6 mobile banking apps. Interested in #business, #mobile, #tech and #security.
