What Should You Know About Strandhogg?


There is a dangerous vulnerability in the Android operating system called Strandhogg. The researchers
mentioned that every single Android app is affected by the vulnerability, which attackers may easily
exploit to access sensitive data, steal your banking credentials, and even swipe log-in codes sent
through SMS.

The point is that your device can be affected without your knowledge. Of course, if proper protections
are in place on the mobile, you can be sure that you are guarded. But generally, people do not pay much
attention to the security aspect. Unfortunately, this is one of the strongest and riskiest threats, and
many people are not even aware of it.

What can hackers do with it?

With this, attackers can easily distribute malicious applications on the Android App Store or as APK
downloads on other websites. Some researchers even say that this vulnerability allows attackers to
launch sophisticated malware attacks without any need for the Android device to be rooted. The attackers
get a way into the device because of the multitasking capabilities of the Android platform.

The Android vulnerability is being exploited in the wild: a malicious app could easily steal users'
banking and financial credentials. According to some Android security researchers, once the user opens
the application on their device, the malware might display a forged UI over the real application. As a
user, when you open your application, you would think that it is legitimate and fill in your name and
password. Hence, you would end up sharing your confidential details with the attackers. In this way the
attackers would steal your data and breach your privacy. You would become a victim without even knowing
what happened.
Similarly, this type of attack could also permit a malicious app to carry out a “privilege escalation” by
simply tricking users into granting permissions they generally would not grant, like permissions to read
text messages, view location data, listen to phone calls, or even access the device camera. Now, don’t
you feel it is so risky and dangerous for your privacy and professional

What is the working of this vulnerability?

If you listen to the attackers, it is a flaw that takes place during multitasking, particularly when a
user is switching between tasks or processes for different applications or operations. The Android
operating system makes use of a method known as “task re-parenting,” which diverts processor power toward
the app that is presently being used on the screen.

Moreover, “task re-parenting” is also used once the user taps on any genuine application, but the
malicious code in the application is fired up at the same time. The researchers even mention that
they have already seen that in use, and it is improbable that the user would even get to spot the
Furthermore, it may shock you that this vulnerability did not require any sort of root access to the
device and worked on all versions of the Android operating system without any permissions beyond the ones
required by genuine apps. Remember, no matter which version of Android you are on, you cannot simply
assume that you are safe. This vulnerability is a threat to everyone.

What confused even the researchers was the fact that the malware had somehow managed to regularly slip
under the radar on Google Play, leading to the overall spread of malicious code that exploits the flaw.
Though the particular malware sample that researchers analyzed did not stay on the app store, it got
installed via several dropper apps or hostile downloaders distributed on Google Play. The point is that
it is there and can slip into your device like that.

Some researchers even mentioned that the malicious apps are being distributed via the Google Play store
through downloader apps or “droppers” as second-stage payloads. It means that a user
unintentionally installs a malicious app, which then downloads the attack app with the user’s
knowledge or permission to perform the attack. A dropper is a kind of app that pretends to have
the same functionality as a popular app, like a utility, game, or even photo-editing app, but in
reality, it installs extra applications that can execute malicious tasks in the background. A
legitimate-looking dropper might, then, install malware that takes advantage of the vulnerability.

Detecting the Attacks

Some professionals and researchers agree that it is practically impossible for a regular user to detect
an attack, as there is no effective method to identify or block it. However, they said that a targeted
device user might notice several inconsistencies, for example, an app asking them to sign in when they
have already done so. The researchers said that users must be alert to unusual requests made by apps
that do not really need them: for example, a calculator app asking you for GPS permission. Other than
this, if you notice buttons in the app that do not work or a back button that behaves unexpectedly, you
must get suspicious. In addition, typographical errors and spelling mistakes must also raise doubt.
Once you are thoughtful about all these things, being a user or operator, you can be sure that your
device is safe. Of course, there are tools too that may help you to a great extent to stay guarded from
this vulnerability and many more.


So, when you have professionals like AppSealing on your side, you can ensure that all your devices are
guarded. You can talk to them and find out some tools that may help you guard your devices against