Researchers at Norwegian security firm Promon have discovered a serious Android vulnerability which can be exploited to steal login credential, access messages, track location and more.
Called StrandHogg, the vulnerability affects all versions of Android, including Android 10, and the researcher who made the discovery says that it “leaves most apps vulnerable to attacks”.
It works by exploiting a problem in Android’s multitasking system, enabling malicious app to overlay legitimate apps with fake login screens that fool users into handing over security credentials.