From Google to Samsung, Android smartphones are some of the most popular handheld devices around the world.
But if you have an Android smartphone, a new finding may raise some alarm bells.
Researchers from Promon have discovered a new security flaw that could let attackers ‘assume the identity’ of legitimate apps, in order to carry out on-device phishing attacks.
The bug is called StrandHogg 2.0, and can overlay a malicious version of any app over the real app, capturing all logins.
Worryingly, the attackers can impersonate multiple apps in one attack, giving them several opportunities to steal your passwords, according to Promon.
Security experts Sophos explained: “Because this attack is so hard to spot, and can steal almost anything on a device (GPS data, images, logins, SMS messages and emails, phone logs, etc.) there’s a chance it might be interesting to nation state hackers as well as criminals out for profit.”
(Image: Getty Images/iStockphoto)
The flaw affected anyone running Android versions 9.0 or earlier, according to Promon.
Thankfully, Google has now released a patch update,