Showing posts with label cybersecurity. Show all posts
Showing posts with label cybersecurity. Show all posts

ALERT: Security Vulnerability in ALL Android Devices Puts Crypto Wallets At Risk...

This is as high-level of a security alert we can possibly give.

According to a report by Norwegian app security firm Promon, the Android operating system has a security flaw that allows cybercriminals to gain access to a user’s crypto wallet. The vulnerability, called StrandHogg, has infected nearly all versions of Android.

It was first announced in a tweet from the security firm stating "Serious Android vulnerability leaves most apps vulnerable to attacks. All versions of Android affected... and real-life malware is currently exploiting the flaw" along with a link to the report.

CTO for Promon, Tom Hansen explained:

"We have tangible proof that attackers are exploiting StrandHogg in order to steal confidential information. The potential impact of this could be unprecedented in terms of scale and the amount of damage caused because most apps are vulnerable by default and all Android versions are affected."

Once infected, the malware allows someone to mimic other apps. An identical clone of your wallet could replace your real one, stealing your password when you type it in.

Hansen continued "When the victim inputs their login credentials within this interface, sensitive details are immediately sent to the attacker, who can then login to, and control, security-sensitive apps."

In short - nothing is off limits to malware using this exploit.  Beyond stealing funds, Promon also claims they're able to listen to users through the infected phones microphone, read and send texts, and access all their private photos.

An update that closes this security hole is expected soon. 

Until then, the quickest way to make sure your safe is to retain the data needed to access your wallet later, and uninstall it for now.  If the wallet app isn't here, it can't be exploited. Just make sure you have everything you need to restore it, typically a login and a longer secret phrase.

Also remain off any websites that could potentially install malware, you know exactly which ones we're talking about. Not just the ones you wouldn't visit from the office, but sites with seemingly harmless things like free MP3s or TV shows as well.

-------
Author: Ross Davis
E-Mail: Ross@GlobalCryptoPress.com Twitter:@RossFM

San Francisco News Desk