By Tim Sandle (2019-12-04)

A dangerous Android vulnerability known as StrandHogg has been discovered by Promon, affecting all Android devices. Sam Bakken of OneSpan looks at the new risk to smartphone users.

Some of the malware attacking the vulnerability consists of variants of the notorious Bankbot Trojan, evidence that attackers are aware of the vulnerability and are actively exploiting it to steal banking credentials and money.

To discover more, Digital Journal caught up with Sam Bakken, Senior Product Marketing Manager. Bakken begins by describing the new threat: “Promon discovered malware in the wild that allows an attacker to gain access to a user’s SMS messages, photos, geolocation, contacts, phone logs, camera and microphone. In addition, the malware exploited the vulnerability to overlay a counterfeit log-in page over a legitimate app, unbeknownst to the user, and send any credentials the user enters straight to an attacker.”

Bakken goes on to look at the risks presented: “As you might imagine, criminals salivate over the monetization potential in stolen mobile banking credentials and access to one-time-passwords sent via SMS. Promon’s recent findings make the vulnerability as severe as it’s ever been.”

The threat has been around for a considerable time, Bakken notes: “Consumers and app developers alike were exposed to various types of fraud as a result for four years. In addition, now, at least 36 examples of malware attacking the vulnerability as far back as 2017 have been identified, some being variants of the notorious Bankbot Trojan. This goes to show you that attackers are aware of the vulnerability and actively exploiting it to steal banking credentials and money.”

All is not doom and gloom, according to Bakken: “Luckily, app developers can take action to protect their apps and us users.
Various mobile app security technologies under the umbrella of in-app protection, including app shielding and runtime protection, make it easier for app developers to mitigate these windows of exposure resulting from security issues in both Android and iOS.