New Android Bug Lets Malware Pose As Real Apps To Steal User Data

A new Android bug has been discovered by security researchers from Promon. The bug allows malware to attack almost any app and steal passwords and other sensitive information from the device. According to TechCrunch's latest report, all devices running Android 9.0 and earlier versions are vulnerable. The new bug is named “StrandHogg 2.0”.

Note: StrandHogg 2.0 is similar to the StrandHogg 1.0 vulnerability, which was reported in 2019.

As no external configuration is required to execute StrandHogg 2.0, it allows the hacker to further obfuscate the attack, as code obtained from Google Play will not initially appear suspicious to developers and security teams. It will also be harder for antivirus and security scanners to detect and, as such, poses a significant danger to users. It affects both unrooted and rooted devices, which makes it more challenging for application developers to protect their mobile apps.

This bug is classified as ‘critical severity’ (CVE-2020-0096) by Google in the May 2020 Android Security Bulletin. We will provide a technical write-up on this bug in more detail soon.

Our team of experts will be able to consult and propose the right solution on how you can ensure your app is distributed and protected with appropriate security measures in place to mitigate the risks of attacks in the wild.

Contact us now at

