Hackers Posing as “Genuine” Apps Are Fooling Users into Giving Them Full Smartphone Access

By Catherine Harris


A new exploit was recently discovered that has proved worrisome for many Android users. It’s a vulnerability that allows malware to present itself to the user as a genuine app, giving the hacker access and control over the user’s device. It also allows attackers access to SMS messages, camera, microphone and various other functions on the phone.

This Android vulnerability has been named ‘StrandHogg’ (an old Nordic word for Viking pillaging tactics!) by the researchers who first discovered it and released details to the public.

The most worrying thing about this bug is the fact that it can be executed without alerting the user as to what is happening.

This is another in a long line of problems Google has faced with apps containing malicious code slipping under its radar. It is a huge problem for the reputations of both Android and the Google Play Store – which is somewhat renowned for being both less reliable and less user-friendly than Apple’s App Store.

So, how does the StrandHogg Android exploit work?

The hack works by allowing malicious software to present itself to the user as an app they already use on a regular basis. That ‘app’ can be any application – even mainstream ones such as Facebook, Instagram, or Snapchat.

All the malware has to do is request permission for a function from the user and “hey presto!” Pandora’s box is burst wide open – releasing all the user’s information to the hacker without that person being any the wiser. It looks something like this:

  1. The user taps on the icon of the real version of the app they want to use.
  2. Instead of the app opening, malicious code is loaded in the background and requests permissions from the user whilst imitating the original app.
  3. The user allows the requested permissions, giving the hacker everything they need.
  4. The victim is directed back to the legitimate app – usually with no clue as to what has just happened.
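
For defenders triaging a suspicious APK, the check below is an added example; it is not code from the original article or from the researchers. It assumes the publicly documented detail that this kind of task hijacking relies on an activity declaring another app's package as its `android:taskAffinity`, often together with `android:allowTaskReparenting`; the manifest and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a decoded manifest for a hypothetical dropper,
# "com.example.flashlight", with one activity that claims the task
# affinity of a different (also hypothetical) package.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application android:label="Flashlight">
    <activity android:name=".MainActivity"/>
    <activity android:name=".SettingsActivity"
              android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".PromptActivity"
              android:taskAffinity="com.example.bank"
              android:allowTaskReparenting="true"/>
  </application>
</manifest>"""


def audit_task_affinity(manifest_xml):
    """Return findings for activities whose taskAffinity names a foreign package."""
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    app = root.find("application")
    if app is None:
        return []
    # <application>-level values are inherited by every activity.
    app_affinity = app.get(ANDROID_NS + "taskAffinity")
    app_reparent = app.get(ANDROID_NS + "allowTaskReparenting")
    findings = []
    for node in app.findall("activity") + app.findall("activity-alias"):
        affinity = node.get(ANDROID_NS + "taskAffinity", app_affinity)
        # None: defaults to the app's own package. "": no affinity at all.
        if not affinity:
            continue
        if affinity == own_pkg or affinity.startswith(own_pkg + "."):
            continue
        reparent = node.get(ANDROID_NS + "allowTaskReparenting", app_reparent)
        findings.append({
            "activity": node.get(ANDROID_NS + "name"),
            "task_affinity": affinity,
            "severity": "high" if reparent == "true" else "review",
        })
    return findings

if __name__ == "__main__":
    print(audit_task_affinity(SAMPLE_MANIFEST))
```

A hit is a lead for manual review rather than a verdict, because related apps from one publisher sometimes share an affinity on purpose.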

So far researchers have identified 36 apps that are exploiting this tactic (which doesn’t require root access, by the way), all of which can run on the latest Android 10 operating system.

Some of these apps (known as ‘dropper apps’) used to deliver the malicious code for this exploit have been downloaded over 100 million times since they were uploaded to the Google Play Store. Additionally, despite Google’s efforts to remove all of the apps that are using this code, there are still apps sneaking under Google’s noses and making their way onto users’ devices.

This goes to show that it is incredibly important to ensure that you have a good security setup for your device.

If you’re worried about your phone’s security, then be sure to check out our free scanning app for Android – this will allow you to check for any spyware or malware currently residing on your device, and will help you to remove these threats completely.