Trojans are not as common on Android as is commonly believed. Although they do exist, and there are clearly more of them than for iOS, most users of Google's mobile OS have never encountered them. This is not surprising. All you need to do is download software only from Google Play and avoid third-party sources, especially unverified ones. After all, the likelihood of getting a malicious application is much higher there than anywhere else. But sometimes the main danger is not even the Trojan itself, but the bug that it exploits.
Android is not as secure as it might seem
In Android 9 Pie and earlier, a bug called Strandhogg 2.0 was discovered that allows fake apps to take the place of the original. Setting aside the technical details of the bug, which most of our readers are not interested in, everything is quite simple. The moment the user launches the original application, and it does not matter which application it is, a fake one is launched and replaces the original on the screen.
Fake apps for Android
Launching the real application triggers the launch of the fake one
If the attacker has done a careful job and copied the original design well enough, the user will not be able to distinguish the interface of the real application from the fake one. However, there is no need to copy the entire interface. It is enough to copy just the login page, where the username and password are entered, and present it to an unsuspecting victim. The victim will most likely not realize that the login window is fake, since it was the original application that was launched, and will enter their credentials, which are immediately sent to the attackers.
Applications that exploit the bug can get onto a device in a variety of ways, but the most common is downloading from questionable sources. Users looking on the Internet for hacked versions of paid apps download malware that pretends to be what they are looking for, install it on their smartphone, fail to get what they wanted, and forget about what happened. In the meantime, however, the application remains on the device and waits for the user to launch a banking client, social network or mail app in order to steal the login data.
According to information security researchers at Promon, this bug is extremely dangerous. It allows attackers to act as stealthily as possible, since the malicious app does not imitate the original application and does not try to clone its icon, but simply starts at the moment the original is launched. And because the attack is so new, most antivirus programs are not yet able to identify it correctly and warn users about the danger, which gives attackers a blank check. After all, it is the bug itself that triggers the launch of the fake program, and the program does not contain any malicious elements.
Protecting Android from viruses
Protection Android from viruses
The most reliable way to protect yourself from malicious attacks is not to download applications from the Internet.
Google, for its part, claims that it knows about the bug and that attempts by third-party software to exploit it are blocked by the Google Play Protect antivirus, which is built into all Android smartphones with support for Google Mobile Services. That is, in effect, the vast majority of devices are protected, with the exception of a very small group. Apparently, Google has forgotten that a whole niche of smartphones from Huawei and Honor is developing under its nose; these do not support Google Mobile Services and, accordingly, do not have the protective mechanisms typical of all other devices.
As a person who has never become a victim of Trojans, I have always advised you to monitor the permissions you give to newly installed applications. After all, it is through permissions that applications can gain control over the device. But applications that exploit the Strandhogg 2.0 bug do not ask for permissions at all, since they do not need access to geolocation services, to memory, or to the camera. They don't spy, but directly collect account credentials for the benefit of their creators. Therefore, all that remains is to use only Google Play and hope that Google is not lying and that Google Play Protect really can protect against such attacks.