SpyAgent malware targets crypto wallets by stealing screenshots


A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.


Here’s how to dodge the bullet.


Attackers shooting their (screen) shot


Attacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets to work.


Its target? Screenshots of the 12- to 24-word recovery phrases used for cryptocurrency wallets. Since these phrases are too long to easily remember, users often take screenshots for future reference. If attackers compromise these screen captures, they can recover crypto wallets to the device of their choosing, allowing them to steal all the digital currency they contain. And once funds are gone, they’re gone — the nature of cryptocurrency protocols means that when transactions are completed, they can’t be reversed. If money is sent to the wrong address, senders must ask recipients to create and complete a return transaction.


If users screenshot their recovery phrase and have it stolen by SpyAgent, attackers need only recover the wallet and transfer funds to the destination of their choice.


The malware has been making the rounds in South Korea, with more than 280 APKs affected, according to Coin Telegraph. These applications are distributed ou ..
