New Android malware steals private keys from screenshots and images

New Android malware steals private keys from screenshots and images


SpyAgent, an Android malware discovered by software security firm McAfee, can steal screenshots and private keys stored in a smartphone's internal storage.

Specifically, the malware uses a technique known as optical character recognition (OCR) to scan images stored on a smartphone and extract words. OCR is available in many technologies, including desktop computers, that can recognize, copy, and paste text from images.

McAfee Labs explained that the malware is spread through malicious links sent via text messages. The cyber security company broke down the process, starting with an unsuspecting user clicking on a link they received.

Examples of phishing apps found by McAfee. Source: McAfee

The link directs the user to a legitimate-looking website and asks them to download the app, which appears to be legitimate. However, the application is SpyAgent malware, installing it will brick the phone.

Betfury

According to the report, these scam programs are disguised as banking apps, government apps and streaming services. When installing the application, users are asked to give permission for the application to access contacts, messages, and local storage.

0191c954 30a1 79b9 ba63 1dea144605ad

The control panel was used by malicious actors to manage information stolen from victims. Source: McAfee

Currently, the malware is mainly targeting users in South Korea and has been found in more than 280 fraudulent apps by McAfee's cyber security specialists.

Related: Mac users beware: AMOS malware clones wallet apps and comes for your crypto

Malware attacks are on the rise in 2024.

In August, similar malware was identified affecting macOS systems called “Cthulhu Stealer”. Like SpyAgent, Cthulhu Stealer masquerades as a legitimate software application and steals personal information from the user, including MetaMask passwords, IP addresses, and private keys to cold wallets residing on the desktop.

That same month, Microsoft discovered a vulnerability in the Google Chrome web browser, which was likely exploited by a North Korean hacking group called Citrine Sleet.

The hacker group allegedly created fake cryptocurrency exchanges and used those sites to send fraudulent job applications to unsuspecting users. Any user who followed the process unknowingly installed remote malware on their system, which stole the user's private keys.

The Chrome vulnerability has since been patched. However, the frequency of malware attacks has prompted the Federal Bureau of Investigation (FBI) to issue a warning about a North Korean hacking group.

Magazine: Rose Drainer Creator Defends Crypto Hack Kit Leaking Wallet

Pin It on Pinterest