Google Play Store always finds a reason to stay in the news with malware apps, which pose threat to users,  making it to the platform despite security checks being in place. The latest to join the long list is the ‘Strandhogg’ vulnerability which targets banking apps on Android smartphones and puts your money at risk. Security researchers from Promon have discovered the  ‘Strandhogg’ vulnerability, which allows malicious apps to pose as legitimate ones, giving hackers access to private SMS messages and photos, steal login credentials, track the movements of users, record phone conversations, and spy on people through the phone's camera and microphone.

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

In a blog post, Promon claimed that the new vulnerability has affected all Android versions including the latest Android 10. It said that all the top 500 popular apps are at risk because of this vulnerability with 36 malicious apps already identified. Notably, hackers don't require root access to exploit this vulnerability in Android devices. Once hackers have access to these affected devices they can potentially get every data and more remotely.

WATCH Zee Business TV LIVE Streaming Online -

The malicious apps exploiting the flaw included variants of the BankBot banking Trojan, which has been seen as early as 2017 and is one of the most widespread banking trojans around. Promon believes that this malware sample made its way through dropper apps or hostile downloaders in Google Play Store which are usually missed.

In response to the findings, Google claims to have removed malicious apps from its Play store.

"We appreciate the researchers work, and have suspended the potentially harmful apps they identified," Google said in its statement carried by BBC. "Google Play Protect detects and blocks malicious apps, including ones using this technique. Additionally, we're continuing to investigate in order to improve Google Play Protect's ability to protect users against similar issues," the tech giant added.