Some of the apps at the Google Play Store including OkCupid, Grindr, Microsoft Edge, and Team discovered vulnerable to hacking. This could allow the hackers to steal your bank data and can also bypass the two-factor authentication on your device.
According to Check Point researchers Aviran Hazum and Jonathan Shimonovich, the found vulnerability is registered as CVE-2020-8913. Even Google already provided a patch way back in April 2020, still have the vulnerability remained. It works on the Google Play Core Library, which Facebook, Google Chrome, SnapChat, Instagram, Edge and other popular apps used.
The blog stated that with this susceptibility, hackers could draw on into the sandbox of the app, then inject a malicious code into the app’s framework. By this, the hacker will have the capability to add malware to any smartphone. This can result in a bank credential hijacking together with SMS permission to steal the two-factor authentication, and device location. It could also use to gain access to corporate resources like messaging, file storage, and send messages to the victim itself.
Check Point said that this vulnerability has been getting security patches from the apps, but it is not clear if how many apps still vulnerable. However, this kind of attack is becoming a trend this year. So the best thing to do is to keep our apps updated. And if possible, we should use banking and financial apps and other sensitive information on a separate device.
Source: checkpoint
