Strandhogg 2.0 steals data by posing as legitimate Android apps

Only Android version 9 and below could be exploited by this new method, but it’s been fixed in the latest Android monthly security patch.


What you need to know

  • Security researchers have found another exploit similar to the original Strandhogg discovered back in December.
  • This version is more sophisticated, allowing it to pose as a legitimate app that users type their passwords into, and to hijack permissions.
  • This exploit does not work with Android 10 and has been patched in the latest Android security fixes.

Looks like Strandhogg is back with an even more evil twin — and this is coming from someone who is an evil twin herself. Strandhogg 2.0, announced today by security researchers, once again tricks users into thinking that they’re putting their passwords into a legitimate app when they’re actually putting them into malware. The exploit is a more sophisticated version of the original Strandhogg exploit found back in December that made users think they were interacting with a legitimate website instead of a malware layer.

This new version only impacted Android 9.0 and below — Android 10 wasn’t susceptible to it — and Google has said that this has been fixed in the latest Android security patches for previous Android versions. When I asked our in-house security guru Jerry Hildenbrand how worried the average user would need to be about it, he summed it up pretty easily:

It seems sophisticated, so it’s not very likely to have ever been found or used “in the wild”. It was also patched in the last security update, so even Google sees how important it was to close the hole even considering the above.

So, what happened here is the system seemingly working: some security researchers found an exploit, told Google and collected their bug bounty for it, Google patched the bug, and then the security researchers published what they found after most phones were protected by the new patch, so that they could show off their work and remind us why security researchers matter.

Thanks, Promon, and nice logo.
