According to the Norwegian security firm Promon, this bug is an 'evil twin' of another bug that has the same name. Strandhogg 2.0 works by tricking the victim into entering their passwords on a genuine app with a malicious overlay. It can also take over other app permissions to hijack other sensitive data like your contacts, photos, etc., and even your real-time location.
It is also found to be more dangerous than the one that came before it because detecting it is hard. However, there's no proof so far about it being used in any active hacking campaigns. There are no effective ways to detect its attack yet and with the bug being capable of being abused by hackers, Promon has not released any more details about the bug and awaits Google to fix the vulnerability of its OS regarding this.
Google has said that the company acknowledges and admires the work of researchers, and has also released a fix of the issue they found. Google's Play Protect, now restricts apps that exploit the bug's vulnerability.
The bug attacks on Android's multitasking system that allows user to switch between recently opened apps. It makes its way into the victim's device as a normal app and as soon as the victim opens the app, the malicious app hijacks it and replaces it with malicious content, for example, a fake login window. This app won't need any permission to operate either.
For now, the risk is low, but that doesn't mean it isn't there. The best thing to do would be to update your Android devices that have the latest security updates as soon as possible.
