StrandHogg is unique because it enables sophisticated attacks without the need for a device to be rooted. It uses a weakness in the multitasking system of Android to enact powerful attacks that allow malicious apps to masquerade as any other app on the device. The exploit is based on an Android control setting called ‘taskAffinity’, which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.
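
For defenders reviewing apps, the ‘taskAffinity’ setting described above is visible in an app's manifest. The following Python check is an added example, not Promon's code or part of the original text: it flags components whose declared task affinity names a package other than the app's own. It assumes a manifest already decoded to text XML; the function names and the com.example.* sample packages are hypothetical, and the prefix rule is a triage heuristic.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer a hardened parser such as defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (not taken from any real app).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <application>
    <activity android:name=".MainActivity"/>
    <activity android:name=".Overlay" android:taskAffinity="com.example.bank"/>
    <activity android:name=".Settings" android:taskAffinity="com.example.flashlight.settings"/>
    <activity android:name=".Isolated" android:taskAffinity=""/>
  </application>
</manifest>"""


def is_foreign(affinity, own_pkg):
    """True when an explicit, non-empty affinity does not belong to own_pkg."""
    if not affinity:
        # None: attribute absent, the default (the app's own package) applies.
        # "":   the component declares no affinity to any task.
        return False
    # Heuristic (assumption): names under the app's own package prefix are benign.
    return affinity != own_pkg and not affinity.startswith(own_pkg + ".")


def foreign_task_affinities(manifest_xml):
    """Return (component, affinity) pairs whose taskAffinity names another package."""
    root = ET.fromstring(manifest_xml)
    own_pkg = root.get("package", "")
    app = root.find("application")
    findings = []
    if app is None:
        return findings
    # An affinity set on <application> is inherited by every activity without its own.
    app_affinity = app.get(ANDROID_NS + "taskAffinity")
    if is_foreign(app_affinity, own_pkg):
        findings.append(("<application>", app_affinity))
    for tag in ("activity", "activity-alias"):
        for node in app.iter(tag):
            affinity = node.get(ANDROID_NS + "taskAffinity")
            if is_foreign(affinity, own_pkg):
                findings.append((node.get(ANDROID_NS + "name"), affinity))
    return findings


if __name__ == "__main__":
    for component, affinity in foreign_task_affinities(SAMPLE_MANIFEST):
        print(f"review: {component} declares taskAffinity={affinity!r}")
```

A hit is a prompt for manual review rather than proof of malice, since a foreign affinity can also appear between cooperating apps from the same vendor.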

Promon has conducted research into real-life malware that exploits this serious flaw and found that all of the top 500 most popular apps (as ranked by app intelligence company 42 Matters) are at risk, with all versions of Android affected.

The vulnerability has been named by Promon as ‘StrandHogg’, Old Norse for the Viking tactic of raiding coastal areas to plunder and hold people for ransom.

Promon’s study significantly expands upon research carried out by Penn State University in 2015, where researchers theoretically described certain aspects of the vulnerability. Google, at the time, dismissed the vulnerability’s severity, but Promon has tangible evidence that hackers are exploiting StrandHogg in order to gain access to devices and apps.