Just recently, a group of researchers from Norwegian mobile security firm Promon flagged a critical security flaw, called StrandHogg, in Android phones.
The company claimed the loophole exists in the multi-tasking system of Android and that threat actors have been exploiting it with malicious apps that compromise legit apps and steal confidential login passwords, location, messages, and other private data from them.
How the vulnerability is used for attack
Once the malicious app, disguised as a normal app, is delivered on the targeted phone, it exploits the bug and begins to display fake overlays on top of legit apps.
The overlays look authentic and trick the user into giving away their confidential login passwords for social media services and even bank accounts.
Similarly, they can also lure users into granting additional permissions that enable spying.
Photos, messages, and location could also be compromised
With fake permission prompts shown over legitimate apps, users can also be tricked into granting access to location and to messages, which contain OTPs or two-factor codes, as well as allowing call recording or real-time tracking of activity on the device, including photos and videos.
Several banking institutions compromised with the malware
The researchers discovered the vulnerability while analyzing apps reported to be draining bank accounts.
In all, they found that these malicious programs exploited this loophole and targeted over 60 separate financial institutions.
"It targeted several banks in several countries and the malware successfully exploited end-users to steal money," Tom Hansen, the CTO of Promon, said, adding that "We'd never seen this behavior before."
Google took action following Promon's report
While the complete impact of the bug and malicious apps exploiting it remains unclear, Google has now patched the vulnerability.
The company issued a statement saying that it had closed the loophole and had suspended the potentially harmful apps that used it from the Play Store.
"We appreciate the researchers' work," the company said, adding that "we're continuing to investigate...to protect users against similar issues."