#btc #Write2Win #bitcoin #Web3 New Android malware steals private keys from screenshots and images
A new Android malware called SpyAgent, discovered by McAfee security software, can steal private keys stored in screenshots and images on the smartphone's internal memory.
Specifically, the malware uses optical character recognition (OCR) to scan images stored on the smartphone and extract the text they contain. OCR is built into many technologies, including desktop operating systems, which use it to recognize, copy, and paste text from images.
McAfee Labs explains that the malware is distributed through malicious links sent via text messages. The cybersecurity company has analyzed this process, starting with unsuspecting users clicking on the link.
The link will redirect users to a seemingly legitimate website and prompt them to download an app presented as trustworthy. However, this app is the SpyAgent malware, and installing it will compromise the phone.
According to reports, these fraudulent programs are disguised as banking apps, government apps, and streaming services. When installing the apps, users are prompted to grant the app access to contacts, messages, and local storage.
The control panel that the bad actors use to manage data stolen from victims. Source: McAfee
Currently, this malware primarily targets South Korean users and has been detected by McAfee's cybersecurity experts in over 280 fraudulent applications.
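The permission combination described above (contacts, messages, and local storage) is a useful triage signal when reviewing an app's manifest. The following is an added example, not code from McAfee or from the article: it parses a decoded AndroidManifest.xml (an APK's binary manifest must first be converted to plain XML, for instance with apktool) and flags apps that request all three groups. The manifest shown is constructed for the example, and the permission names assigned to each group are an assumption chosen to match the behaviour reported for SpyAgent.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"  # ElementTree key for android:name

# Assumed mapping of the three access categories reported for SpyAgent
# (contacts, messages, local storage) to concrete Android permissions.
RISKY_GROUPS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "messages": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "storage": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.READ_MEDIA_IMAGES",
    },
}


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return every permission name declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR, "") for el in root.iter("uses-permission")}


def spyagent_like_groups(manifest_xml: str) -> list[str]:
    """Return the risky groups (in RISKY_GROUPS order) that the manifest requests."""
    perms = declared_permissions(manifest_xml)
    return [group for group, names in RISKY_GROUPS.items() if perms & names]


def is_suspicious(manifest_xml: str) -> bool:
    """True when contacts, messages and storage are all requested together."""
    return len(spyagent_like_groups(manifest_xml)) == len(RISKY_GROUPS)


# Constructed sample manifest for a hypothetical app; not from any real APK.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakebank">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    print(spyagent_like_groups(SAMPLE_MANIFEST), is_suspicious(SAMPLE_MANIFEST))
```

A legitimate banking app may need some of these permissions individually, so the check is a prioritisation aid for manual review rather than a verdict on its own.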
Malware attacks increased in 2024
In August, similar malware affecting macOS systems, named 'Cthulhu Stealer', was identified. Like SpyAgent, Cthulhu Stealer disguises itself as legitimate software and steals users' personal information, including MetaMask passwords, IP addresses, and private keys for cold wallets on desktops.
In the same month, Microsoft discovered a vulnerability in the Google Chrome web browser, which could be exploited by a North Korean hacker group called Citrine Sleet.
The hacker group is believed to have created fake cryptocurrency exchanges and used those websites to send fraudulent job applications to unsuspecting users. Users who follow this process inadvertently install remotely controlled malware on their systems, and this malware has stolen users' private keys.
Since then, the Chrome vulnerability has been patched. However, the frequency of malware attacks has led the Federal Bureau of Investigation (FBI) to issue a warning about the North Korean hacker group.