According to Cointelegraph, software security firm McAfee has discovered a new Android malware named SpyAgent. The malware can steal private keys and recovery phrases that users have saved as screenshots or images on a smartphone's internal storage. SpyAgent uses optical character recognition (OCR) to scan the images stored on the device and extract any text they contain. OCR is a widely used technique, on desktop computers and elsewhere, for turning text that appears in an image into machine-readable characters.
McAfee Labs reported that the malware spreads through malicious links sent by text message. The chain begins when an unsuspecting user taps a link and is redirected to a website that looks legitimate. The site prompts the user to download an application that appears trustworthy but is in fact the SpyAgent malware, and the phone is compromised once it is installed. These fraudulent applications are commonly disguised as banking apps, government applications, and streaming services. On installation, the app asks the user to grant it permission to access contacts, messages, and local storage.
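The permission pattern described above (contacts, messages and local storage, the last of which is what gives an OCR-capable app access to screenshots) is something a defender can check for before a sideloaded app is installed. The following is an added example, not code from the article or from McAfee: it reads an AndroidManifest.xml, collects the `uses-permission` entries, and reports which of the three sensitive groups the app requests. The two manifests are constructed for illustration; the app names, package names and the exact permission-to-group mapping are assumptions, not indicators tied to SpyAgent.

```python
import xml.etree.ElementTree as ET

# Namespace used for android:name attributes in every AndroidManifest.xml.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Assumed mapping of real Android permission names onto the three access
# categories the article describes (contacts, messages, local storage).
SENSITIVE_GROUPS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "messages": {"android.permission.READ_SMS",
                 "android.permission.RECEIVE_SMS"},
    "storage": {"android.permission.READ_EXTERNAL_STORAGE",
                "android.permission.READ_MEDIA_IMAGES"},
}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return the set of permission names declared in a manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    return {el.get(name_attr) for el in root.iter("uses-permission")
            if el.get(name_attr)}


def sensitive_groups_requested(manifest_xml: str) -> list[str]:
    """List (sorted) which sensitive groups the app asks for."""
    perms = requested_permissions(manifest_xml)
    return sorted(group for group, names in SENSITIVE_GROUPS.items()
                  if perms & names)


def matches_spyagent_profile(manifest_xml: str) -> bool:
    """True when the app requests all three groups at once, which is the
    combination the article attributes to SpyAgent-style apps."""
    return sensitive_groups_requested(manifest_xml) == sorted(SENSITIVE_GROUPS)


# Constructed sample: a "streaming" app that wants contacts, SMS and images.
SUSPICIOUS_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.fakestream">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_MEDIA_IMAGES"/>
</manifest>"""

# Constructed sample: a video app that only needs network access.
BENIGN_MANIFEST = f"""<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="{ANDROID_NS}" package="com.example.videoplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, sensitive_groups_requested(manifest),
              "SpyAgent-like profile:" if matches_spyagent_profile(manifest)
              else "no full-profile match")
```

The check is a triage heuristic, not a verdict: a legitimate messaging or backup app may request the same three groups. Its value is in surfacing a mismatch between what an app claims to be (a streaming service) and what it asks for (your contacts, your texts and your photo library), which is exactly the gap the fake apps in the article rely on users not noticing.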
SpyAgent currently targets South Korean users in particular, and McAfee's cybersecurity specialists have found it in more than 280 fraudulent apps. Malware attacks have risen noticeably in 2024. In August, a similar malware for macOS called "Cthulhu Stealer" was identified. Like SpyAgent, Cthulhu Stealer masquerades as legitimate software and steals personal information, including MetaMask passwords, IP addresses, and private keys for cold wallets kept on the desktop.
In the same month, Microsoft discovered a vulnerability in the Google Chrome web browser that was likely exploited by a North Korean hacker group known as Citrine Sleet. The group reportedly set up fake cryptocurrency exchanges and used those sites to send fraudulent job applications to unsuspecting users. Anyone who followed the process through ended up with remotely controlled malware installed on their system, which then stole their private keys. The Chrome vulnerability has since been patched, but the frequency of these malware attacks prompted the Federal Bureau of Investigation (FBI) to issue a warning about the North Korean hacking group.