Researchers have publicised a critical security flaw in Android which could be used by attackers to “assume the identity” of legitimate apps in order to carry out on-device phishing attacks.
Discovered by Norwegian company Promon, the bug is called ‘StrandHogg 2.0’, the name denoting that this is an “evil twin” follow up to a similar flaw of the same name made public by the company last year.
Strandhogg is, apparently, the old Norse word for the Viking tactic of sailing up to coastal towns and plundering them, which isn’t a bad description of what the bug might be capable of if it were used in a real attack.
